Shit article that barely summarizes the original Kaspersky report and then adds a clickbait headline. There are no “advanced sophisticated techniques” mentioned at all.

Some file formats just seem to be cursed.

Who else remembers when every week there was a new 0-day in Adobe Acrobat Reader and Macromedia Flash Player?

QubesOS can be built from source code but none of the linux distros can.

lol what?

Is this concern trolling?

You would need an equal and opposite angular momentum at the back of the chainsaw otherwise it will just rotate upwards and loop around in circles.

macOS Security page: https://support.apple.com/en-us/121753

iOS Security page: https://support.apple.com/en-us/121752

TLDR: update to macOS 15.1.1 and to iOS 18.1.1 (or iOS 17.7.2)

Yes sorry, I didn’t realize that until I posted it and saw all of the “cross-posted to:” links. It’s the first time it’s posted to this community though, and I think it’s an important topic.

If you distribute Linux crackers then you need to provide not just the list of ingredients but also the recipe used to make them.

How the OOM Killer asks a process to terminate:

indiscriminate spraying

He refers to himself as “Ba3” but a bishop on a3 would be a dark-square bishop 🤔

alt text: “We’re going to have to work together to get over our hangups if we’re going to learn to move on Catan’s hexagonal grid. It’s bad enough that we lost our crew of pawns when we passed within firing range of Battleship.”

This could also mean that they have found a (classical) vulnerability in one of the most used Post Quantum Encryption algorithms (such as Kyber) and they want everyone to switch to using it ASAP.

If this is impersonation (which it looks to be) shouldn’t it be removed?

Are you going to set the precedent that impersonation of figures in the open source community is allowed?

Personally I would be in favor of removing this post until OP can provide proof of identity (eg. by posting something on the main github account corroborating this post).

There’s something important missing from this article:

Eventually, that same USB drive is inserted into an air-gapped computer, allowing GoldenDealer to install GoldenHowl (a backdoor) and GoldenRobo (a file stealer) onto these isolated systems.

Why is an airgapped machine running executable code from a USB drive? Is there some OS-level vulnerability being exploited?

The original writeup says the following:

It is probable that this unknown component finds the last modified directory on the USB drive, hides it, and renames itself with the name of this directory, which is done by JackalWorm. We also believe that the component uses a folder icon, to entice the user to run it when the USB drive is inserted in an air-gapped system

So we have airgapped machines that rely on users to click icons in a graphical file manager to move data from USB drives. This is a complete failure of security procedure. If you have systems that need to be airgapped then you also need the corresponding procedures for use of those systems to prevent this kind of compromise.

There are several (search communities for “tips”), they just have very few users and no recent posts.

The exact same post word for word from a 12 day old reddit post:

https://www.reddit.com/r/LifeProTips/comments/1fntigb/lpt_if_your_wifegirlfriendpartner_is_getting/

This vuln is not new, it was published 3.5 years ago: https://nvd.nist.gov/vuln/detail/CVE-2020-26558

Pretty sure this was described exactly in Snow Crash (Neal Stephenson, 1992).

I read the source code and this is a hobby-project that you could write in an afternoon with no knowledge of cryptographic protocols.

There are dozens of obvious deficiencies even to me and I am no expert in cryptography. An easy example to point out is that there is no input validation and no error checking or exception handling. Both the client and server just assume that the other side is a well-behaving correct implementation.

The author should not be posting this around as if it’s a serious tool for people to use. If anything it’s a starting point for OP to get advice from experts on how real systems do this properly. I’d recommend that the author spends a LOT of time reading before doing. There are numerous design documents of real systems and protocols, and some good comprehensive books too.

You’re just kink-shaming sex toys now.