
KDE Vulnerability Released on Twitter - Chris Titus Tech
Date: 2022-03-21
Comments and reviews: 10
Алексей
I wouldn't say that this "vulnerability" is that hard to exploit. Many people do download archives with documents, themes, icons, source code etc. And you don't even need to run anything - just navigate to that folder, and you're screwed. I don't think that opening a folder is what most people suppose to be dangerous whatsoever, unlike executing a random file. So yeah, this is pretty serious.
Besides, one can exploit this with a removable media as well: just open a flash drive with such folder inside - and your $HOME is gone, or you're mining bitcoins for someone.
My
I never worry about these things on linux because:
1. I only download shit from the maker's website or the software store of my distro. I know that I could still get hit, but at least a lot safer than just hopping around the internet copying and pasting commands from there.
2. I never do serious business on linux. Literally, learn programming, some YouTube vids, reading online or finding solutions on my distro's forums ......etc and tinkering with the looks of my DE.
ChristopherCobra
Actually, many new users could fall into this trap. "Linux is invulnerable" (or similar) is what many new users have been told by folks who use Linux - it's one of the major selling points. What they don't pick up on are the many caveats to that. I haven't looked at this one - but unless the knowledge needed to make it work is high enough that most users who might fall for it would likely know better - then it could be a real problem.
Paul
I have some KDE components installed. I don't think I have enough installed to get the vulnerability to work here though. I certainly do not have enough of KDE installed to actually run KDE.
pfred1-five:-$ aptitude show plasma-workspace
State: not installed
That's the package that has startkde in it. Know how your package manager works kids.
sed8me
So ah, how would y'all fix a beyond borked system?
Asking for a friend, who it seems has infected hardware, via "Linux"
(Insert dramatic hamster gif)
Seriously, fresh install, new hardware, install media new and acquired through a known safe source.
Any helpful help appreciated.
RWBimbie
One gets a pat on one's back for finding a Linux flaw and helping fix it
One gets called out for being a DIRTBAG GREASY RATFUQ JERK for publishing a flaw without getting with the dev team to fix it before going public to feed one's own ego.
He wanted fame, he got it: Famous for being a jerk
Kre-imir
I hope someone on Defcon calls this guy out and points out what an ass he is.
That said, KDE team did a fantastic job as always, fixing it so quickly. I can only imagine how stressful it was to learn about a vulnerability in this way and have to rush to fix it.
Dave
Frankly, I like it when the occasional security panic happens. Keeps people on their toes.
Linux has a history of long unpatched security vulnerabilities. Compartmentalization is the only real mitigation against a lot of these types of exploits.
bactanite
I bought some computer parts online using Kubuntu a few days ago, and today I had to go see the bank manager to get some fraudulent charges taken off my bill. The manager advised me to not use community distributions, KDE, or Gnome.
kazi
So people are taking interest in Linux.. in a way that's good. Good to know that it's patched up by KDE. For new users "Do not run any scripts you find on the internet."
KEEP CALM
AND
ENJOY
LINUX















