/tech/ - Tech


Mode: Reply

Max message length: 8192


Max file size: 20.00 MB

Max files: 3


(used to delete files and postings)


Remember to follow the rules

(166.40 KB 1164x960 C_kk-kjW0AAJU5m.jpg)
Capitalism Ruins Everything Comrade 03/08/2020 (Sun) 08:59:52 No. 412
Thought this story was worth sharing. A bit of an interesting case example as capitalism ruining everything in the end no matter how benign it starts out and a good cautionary tech security tip/tale. https://krebsonsecurity.com/2020/03/the-case-for-limiting-your-browser-extensions/ The Case for Limiting Your Browser Extensions >Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who’d edited the Web site in the past month. >The incident is a reminder that browser extensions — however useful or fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals. >The health insurance site was compromised after an employee at the company edited content on the site while using a Web browser equipped with a once-benign but now-compromised extension which quietly injected code into the page. >The extension in question was Page Ruler, a Chrome addition with some 400,000 downloads. Page Ruler lets users measure the inch/pixel width of images and other objects on a Web page. But the extension was sold by the original developer a few years back, and for some reason it’s still available from the Google Chrome store despite multiple recent reports from people blaming it for spreading malicious code. You can click through for the rest but long story short the malware adds ads to the page(how late stage capitalism is that? Everything's about the ads.) But, back to the first bit, like I said, what starts as a benign attempt by a inventor to see a need in society and fill it inevitably turns into a device for hackers to hack the users of that originally benign invention. When some users discovered the malicious code and contacted the original(or one of) the original inventors, he just through up his hands in the air and said: "not my problem, I sold it." He was at least nice enough(and I'm surprised whatever deal he made to sell it allows him to do it, maybe someone with more CS knowledge can explain,) to link them to the original source code on git that they could build the plugin themselves from, but it still feels like a dick move, to be at best an unwitting culprit, out of not doing your due diligence, to research who you are selling your work to, and what they plan to do with that work, and at worst a witting accomplice. At the same time I can understand the maker's plight, in that they provide a free service to 100ks (in this case, millions in others,) and you're probably lucky if you can even get 1 out 100 of those users to give you a dime through your e-begging. Then along comes a company, with money, they make you an offer, it's probably more money than you've ever made through your pathetic little Donate button. Can you really say in their shoes you would say no? Tl;dr Capitalism ruins everything, and it's all shit, and it's all fucked to hell, and the government(duh) and mostly likely large, indefinite number of corporations, and lesser known groups, and private individuals probably have access to all the characters and clicks you ever put into these cursed silicon boards. But I don't need to tell you that, this is /leftypol/ (although I'm posting to tech since it was kind of tech centric)
>>412 Under Capitalism, "All that is solid melts into air" - Karl Marx.
The only extension I use are Umatrix and HTTPS everywhere.
Stop using proprietary software.
I've used somewhere around 30-40 extensions over the course of Firefox's existence and never had a problem. It's not really that hard to vet your add-ons.
>>437 If they are proprietary then yes it is, lol
>>437 dumb post. it's always fine until it isn't
(376.07 KB 1514x1308 inbox.png)
>>437 Even if you vet your addons (I always read the source code), there is a real risk from automatic updates and acquisitions. I'm the developer of a moderately popular open-source extension (< 100k users), and I constantly get spammed with this shit.
>>492 holy fuck porky really is hard for your extension
>>492 How do you monetize it if it's open-source?


no cookies?