Hacker News

To be fair, if you ever install and execute someone else's software without either reading the code yourself or making an attempt to verify that the source is who you intend (i.e. at least checking MD5), then you're guilty of precisely the same security gaffe.


A lot more can be done wrong with a shell script pointing to some 3rd party domain than with an installed app, especially with sandboxing in modern OSes, app stores, and the much higher probability and ease of using `sudo` vs executing an app with higher privileges.


No, that is not precisely the same security gaffe. GitHub (for instance) is itself not as likely to be compromised as my link to GitHub is.


How do you access GitHub, if not through a hyperlink which is equally vulnerable to DNS spoofing?


Neither SSL nor SSH are straightforwardly susceptible to DNS spoofing.



