We’re not a fascist, propaganda-addicted cult guys, trust us

Not at all what I meant. The premise was that this wouldn’t happen if they were being paid fairly. Supply chain attacks happen with or without fair pay.

Look at what happened with the XZ backdoor. Whether or not they’re getting paid just means a different door is opened.

The root of the problem is that we blindly trust anyone based on name-brand and popularity. That has never in the existence of technology been a reliable nor an effective means of authentication.

If it’s not outright buying out companies it will be vulnerabilities/lack of appropriate management, if it’s not vulns it’ll be insider threat.

These are problems we’ve known about for at least a decade+ and we’ve done fuck all to address the root of the problem.

Never trust, always verify. Simple as that.

… he made plenty off the product and made additional when he sold. Devs ability to make money has nothing to do with companies coming in and injecting malware to the service.

Any threat actor group with sufficient funds from various campaigns, spyware, etc could use said funds to buy out a dev, owner, etc.

Not to mention state-sponsored threat actors. This is the perfect example of distracting from the fact of what happened.

Good catch! Missed that one

Because it exposes root and system internals. Biggest reason android devices get compromised/hacked and your fun, quirky android becomes a link in a bot net peddling god knows what including attacks against people and other illegal activities and media

For anyone interested - I’d you are using umatrix to block shit you can punch these lines into a new text file and import as blocklist, then commit it with the tiny arrow that points left toward the permanent list to save it permanently:

* www[.]googie-anaiytics[.]com * block

* kuurza[.]com * block

* cdn[.]polyfill[.]io * block

* polyfill[.]io * block

* bootcss[.]com * block

* bootcdn[.]net * block

* staticfile[.]org * block

* polyfill[.]com * block

* staticfile[.]net * block

* unionadjs[.]com * block

* xhsbpza[.]com * block

* union[.]macoms[.]la * block

* newcrbpc[.]com * block

Remove the square brackets before saving the file - these are here to prevent hyperlinks and misclicks.

Edit: this is not a bulleted list, every line must start with an asterisk, just in case your instance doesn’t update edits made to comments quickly.

Edit2: added new IOCs

Edit3: MOAR IOCS FOR THE HOARDE

This has almost nothing to do with what you’re talking about.

A Chinese company bought the domain and the service in February and are attacking people in highly specific conditions. (Mobile devices at specific times)

This is an attack. Not negligence, not an uh oh oopsie woopsie fucky wucky. Attack.

Intuit uses pollyfill… and a lot of people use that service.

Cloudflare and fastly wouldn’t be setting up mirrors if it weren’t still being used, I can guarantee that.

You mean to tell me that a system designed to learn what’s most common, over what is prevalent, got things wrong? Things that could change each year?

Crazy. Yet another misuse of new things by ignorant people in power. Who would’ve guessed!

Oh wait - The Great Leap Forward (Mao, naturally), The Opium Wars, Social Media PsyOps by numerous govts, Asbestos, Abuse of Surveillance, Boeing 737 debacle, etc.

Guess history will keep repeating itself until we actually get the lesson through our thick heads. Take your time to understand how things work, and how they cut before impacting huge amounts of people.

Tl;Dr new Linux malware specific to a flavor used by the Indian government uses emojis as a c2 comms path

So when you hover over an item usually, it shows on the bottom left/right what the link is

But in this case (edge and chrome) I see the link actively changing and like resolving or something of the sorts. Very odd. I don’t normally use these two put it was the only way I could see the sponsored links (thanks Firefox!)

Normally I’d expect just a static “this link here, goes here” rather than it changing in real time like this. Wondering if it’s normal chrome/chromium behavior or if this is an exploitation of google search functionality stemming from the google search source code leaks from earlier last week or the week prior.

Very interesting stuff.

We can tell. Good luck with 0 people respecting you out there kid

Do you have an easier time catching flies with vinegar or with honey?

Probably could’ve worded this better.

Maybe a “What have you all setup to remove these features, how are you running windows, etc “

Best to lead with pure curiosity and questions than to lead with assumptions. We don’t know what we don’t know, and that also means that the depth of what we don’t know could be surprisingly deep.

Stay curious!

Red flags aren’t guaranteed to be a problem, they should just weigh heavier on your assessment of risk

Cheap TLDs should always be a red flag imo

Discord: our platform is being abused to peddle malware via c2 channels, file repositories, etc. So to combat this problem, we’re going to ruin the customer experience!

Knew it before you even said it

Lemmy.ml bans anyone and anything that has to do with even slightly anti-Russia or anti China sentiments.

Posted a comment the other day that China was still supporting Russia who were killing innocent people and got banned, then one of the admins responded, and then my comment was removed.

Seems like a super good area to have open and honest discussions and debates.

Removed by mod

I’m still waiting for modular phones to be more mainstream. Tired of the ewaste. Tired of the anti consumer practices. Tired of planned obsolescence.