A flight-sim installer ran a "Chrome Password Dump" tool on copies suspected of "piracy"

arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates

archive.is/2018.02.19-181553/https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

Why is it commonly accepted that software installers have root access to the system?
Legitimate software authors ain't gonna abuse it, right?
For bonus points, it seems the passwords were sent over plain HTTP (so a lot of 3rd parties automatically got a copy as well), and it could be possible that in fact they snatched passwords from all users, to err on the side of caution.

Good, Chrome useds deserve it.

Don't cut yourself on that edge, wget user!

What if it was Firefox or, you know, Palemoon/lynx/qutebrowser/etc.

Wow, it's almost like you can get AIDS from dodgy Russian cracks if you don't use a cyber-condom, which in our case is a sandbox or a virtual machine.

Android does not have this problem. Our Lord and Savior Google guards over us. Wincucks BTFO

Firefox lets you use a master password.

This doesn't address the problem that installers run as root, also sage this shit thread.

this is solved by installing a keylogger.
if a fucking game requires root to install, the browser choice doesn't matter much in the long run. as long as this shit is possible, they will mistreat users.

Lol no, this shit is possible even in user level installers. In Unixland, Chrome and Firefox data are generally in your home directory, completely unprotected from reads by default from any program running as "you" or, depending on the distro, and by default, ANY program in the system. In Windows this is not much better, as they are inside %APPDATA% and suffer from the same limitations. I repeat: stealing all your passwords is as easy as copying this folder, and considering all programs you run have the same permissions as your user, all programs are free to interact with each other's config files. The only sane way out is sandboxing, which Android does by default; any other operating system would require third party sandboxing software (i.e. Firejail, Sandboxie), or a complete redesign of the way program storage or even processes altogether are handled, but forget about this ever happening because it would be "bloat" for suckless idiots and could probably require work on distro maintainers' part, which is quite hard considering some distros, like Debian or Arch, have sloths for maintainers.

Remember: even trustworthy software can become untrustworthy due to the funny way C and C++ (protip: 90% of your system is written with those) handle stuff. Without proper hardening features, and even then, ANY program could steal all of your data if not sandboxed. Desktop security is fundamentally borked and you need to heavily reconfigure your stuff if you remotely want to stay safe.
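Whether browser profile folders are readable by other accounts, as claimed above, comes down to the mode bits on the home directory and everything beneath it. An audit of exactly that, added here as an example and not code from the thread: the profile paths are assumed common Linux defaults, and it does not cover programs running as the same user, which still need sandboxing.

```python
import os
import stat
from pathlib import Path

# Assumed default profile locations relative to $HOME (not taken from the thread).
PROFILE_DIRS = (".mozilla/firefox", ".config/google-chrome", ".config/chromium")

def searchable(home: Path, target: Path, x_bit: int) -> bool:
    """True if home and every directory down to target grant search (x) to the class."""
    dirs = [home]
    for part in target.relative_to(home).parts:
        dirs.append(dirs[-1] / part)
    return all(d.stat().st_mode & x_bit for d in dirs)

def audit(home: Path) -> list[tuple[str, str]]:
    """Return (class, path) pairs for profile files readable beyond the owner."""
    findings = []
    for rel in PROFILE_DIRS:
        root = home / rel
        if not root.is_dir():
            continue
        for cls, x_bit, r_bit in (("group", stat.S_IXGRP, stat.S_IRGRP),
                                  ("other", stat.S_IXOTH, stat.S_IROTH)):
            if not searchable(home, root, x_bit):
                continue  # an ancestor already blocks this class
            for dirpath, dirnames, filenames in os.walk(root):
                # Do not descend into directories the class cannot search.
                dirnames[:] = [d for d in dirnames
                               if os.stat(os.path.join(dirpath, d)).st_mode & x_bit]
                for name in filenames:
                    full = os.path.join(dirpath, name)
                    # Skip symlinks (Firefox keeps a dangling "lock" link).
                    if not os.path.islink(full) and os.stat(full).st_mode & r_bit:
                        findings.append((cls, full))
    return findings

def harden(home: Path) -> None:
    """Set each existing profile root to owner-only (0700), blocking group/other traversal."""
    for rel in PROFILE_DIRS:
        root = home / rel
        if root.is_dir():
            root.chmod(stat.S_IRWXU)

if __name__ == "__main__":
    for cls, path in audit(Path.home()):
        print(f"{cls}-readable: {path}")
```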

This is why when you have truly grokked computers you will realize, it will become self evident, that c+= is truly the best language. A perfect language.

Privilege checks at every instruction is the only solution.

Like SELinux? Could you please elaborate?

welcome to >>>Holla Forums how can i help you?

Well at least Chrome on Windows does a bit more than this.
But yeah, the default situation on desktop OSes sucks donkey balls.

You can install keyloggers on Unixlikes without admin rights, unless you set your user-writable partitions as noexec. Fun times.


Generally speaking, in theory, only syscalls should be privilege checked, but the problem is we do not have a sane tight permission system yet in any OS but Android. In Android, more or less every program is forced to conform to the OS' permissions system in order to acquire them, whereas other OSes simply restrict processes on a case-by-case basis, so if you missed configuring one you are fucked.

In practice, rowhammer is a thing.


Libre programs written by Pajeets (aka any programmer that's not you who was having a bad day the moment he wrote a single line of code) are as bad without proper hardening. Even with hardening, some hackers can do some mighty crazy stuff: the Black Sun server from OverTheWire was a grsec-enabled box and you were supposed to exploit it.

Running software will bite you in the ass.

t. proprietary apologist B$D cuck

running software BLINDLY will bite you in the ass
at least you have the chance to look at OSS without needing a disassembler

They asked for this.

This is the basic of the basic of Linux security; if you are not doing at least this for your security then you are doing everything wrong.
Ideally you would actually sandbox applications that deal with sensitive data.

Fuck off gnu-male

Typical pajeet.

What if you accidentally run an application you did not configure? What if one of your properly isolated but not sandboxed gets exploited, goes rogue and manages to wreak havoc by using a non sandboxed application with elevated privileges (think suid) in unintended and unexpected ways?

No, if the defaults are not sane, there is something wrong with the program and it has to be fixed. You are suggesting blacklisting stuff on a case-by-case basis rather than applying a sane and secure default clearance profile to all programs and then building up from there. This is the sysadmin equivalent of having a huge switch block to handle every single possible case instead of building a more general construct. This is code smell, so why is it not sysadmin smell?

This is fucked up. I hope they get sued to oblivion just like Sony.

is this true for android x86 as well?

For some reason I find this incredibly hilarious. Also, unfortunately, it seems like this could have been used to try to penetrate the computers of Lockheed Martin employees, some of whom might use or test mods to their software.

Anybody else feel like we've been through this before?

...

Libre programs means that users will always have the permission to study and modify the software at any time. When the time happens such that there is proof that a program is misbehaving, then users are always free to improve it. This is not true for proprietary software. For proprietary software, users are completely forbidden to study or modify the software.

Containers and VMs would be nice. A decent permissions system would be great. A good OS that has both is what we actually need.

Android?

TL;DR In pseudo-code:
10 IS SOFTWARE FREE?
20 BRANCH "YES" 30, "NO" 40
30 ENJOY SOFTWARE
40 DID YOU PAY FOR SOFTWARE?
50 BRANCH "YES" 30, "NO" 60
60 ENJOY MALWARE
70 END

Wrong. C/C++ has horrible code locality issues due to the forced split between source (.c*) and header (.h*) files. This pressures programmers to develop less-advanced algorithms.

There is no force to split source files and header files. If you want, you can do without the header files, it's not necessary for C programs.

...

See, this is why you should only use flight sims that respect your fucking freedoms! Sure FlightGear looks like it was made for the original Xbox, but it's VERY unlikely the devs would ever try to pull shit like this.

...

He's probably a /g/ refugee and doesn't know about c+= yet.

Good for phones once you remove the closed source non-free bloatware. Terrible idea for desktops.

Android doesn't run applications in a VM though. In Android every usermode application is installed under its own user with its own R/W permissions. So Application A does not have write permissions to the home folder or the folder under application B for example. You could probably set up any distro to do this if you know how.

If this is true, what's in this fucker's head? These anti-piracy corporate people live in a clownworld, man, for fuck's sake! They dream up a version of how they wanted the world to be, and just pursue that with the intellectual capacity of a zombie.

To be honest that sounds like a symptom of actual, clinical autism. Maybe whoever thought this was a good idea was autistic. Most people on this board should be able to relate to him if that's the case.

Explain.

This is true.

But this is the wrong kind of autism, so fuck him. 8==з

Autism can manifest itself as narcissism and megalomania, which people with an intense thirst for profit have for other reasons.

just wanted to say, fuck this faggot.

How come I never heard about this before? It even has an official package
Looks very nicely made and active (unlike Xonotic which is dead)

>make pilot's twitter account (((suicidal))) as possible and meltdown but beforehand the ISP should have already locked out the pilot from logging in
>(((profit)))

Isn't this illegal, even in shitholes like clapistan?

Kill yourself faggot