• 0 Posts
  • 2 Comments
Joined 3 years ago
Cake day: June 30th, 2023

  • Lots of people will tell you something like “don’t run stuff aS rOoT” but from a personal security POV root is almost irrelevant. A potential attacker can do plenty of damage without root.

    root only allows crossing boundaries of the current user, but for personal use, everything you care about is probably 100% accessible under your normal user account. You don’t need root to steal your photos and passwords, you don’t need root to shimmy a daemon in your ~/.profile to start every time you log in, you don’t need root to mine shitcoins, use your machine as part of a botnet or whatnot.

    Good advice is to vet everything you install, or choose a third party to vet it for you. In an ideal world,

    • choose a stable, well-maintained and up-to-date distro with a good reputation,
    • limit installing software to official sources only. …and you’re probably going to be fine.

    In a less than ideal world, maybe add flatpak to the mix but assume that the repository is a wild west. Running AppImage apps or installing third-party .deb/.rpm/etc. packages, again, if you trust the source, you trust the source.

    (But for f’s sake, don’t just run curl | bash scripts (with sudo or not) from random github repos and stuff.)

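The user-writable persistence points the comment lists (~/.profile and friends, plus per-user autostart entries) are also the places a defender should look, and no root is needed to check them. The following is an added example, not code from the comment or from any project it mentions: a small Python audit of those locations. The file list and the regex heuristics are assumptions for illustration, not a complete catalogue of persistence techniques, and the user crontab is not covered.

```python
# Added example (not from the comment above): audit the user-writable
# persistence points it mentions. Everything here runs as the normal user,
# which is the point: an attacker who owns your account can write the same files.
import re
from pathlib import Path

# Shell startup files that run on login or on a new shell, all owned by the user.
STARTUP_FILES = [".profile", ".bash_profile", ".bashrc", ".zprofile", ".zshrc", ".xprofile"]
# Per-user autostart locations (XDG desktop entries, systemd --user units).
AUTOSTART_DIRS = [".config/autostart", ".config/systemd/user"]

# Heuristic patterns for dropped persistence lines (assumed, not a signature database).
SUSPICIOUS = re.compile(
    r"(curl|wget)\b.*\|\s*(ba|z)?sh\b"   # pipe-to-shell
    r"|\b(nohup|setsid)\b"               # detach a background process
    r"|/(tmp|dev/shm|var/tmp)/"          # payloads living in world-writable dirs
    r"|base64\s+(-d|--decode)",          # decode-and-run
    re.I,
)


def scan_startup_text(text: str) -> list[str]:
    """Return the non-comment lines of a shell startup file that match SUSPICIOUS."""
    hits = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and SUSPICIOUS.search(stripped):
            hits.append(stripped)
    return hits


def autostart_command(text: str) -> str:
    """Pull the command out of a .desktop (Exec=) or systemd unit (ExecStart=)."""
    m = re.search(r"^\s*(?:Exec|ExecStart)\s*=\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else "(no Exec/ExecStart line)"


def audit_home(home: Path) -> dict[str, list[str]]:
    """Map each interesting file under `home` to the lines worth a human look."""
    findings: dict[str, list[str]] = {}
    for name in STARTUP_FILES:
        f = home / name
        if f.is_file():
            hits = scan_startup_text(f.read_text(errors="replace"))
            if hits:
                findings[str(f)] = hits
    for d in AUTOSTART_DIRS:
        p = home / d
        if p.is_dir():
            for entry in sorted(p.iterdir()):
                # Every autostart entry is listed, flagged or not: the reader decides
                # whether they actually installed it.
                if entry.suffix in (".desktop", ".service"):
                    findings[str(entry)] = [autostart_command(entry.read_text(errors="replace"))]
    return findings


if __name__ == "__main__":
    for path, lines in audit_home(Path.home()).items():
        print(path)
        for line in lines:
            print("   ", line)
```

Run it as the user whose account you are checking; the autostart entries are listed unconditionally because a legitimate-looking Exec= line pointing at something under ~/.local is exactly what a user-level implant looks like, so only the owner can judge it.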

  • The building, used by several hundred employees, had a security system with 4-digit codes. I’ve been part of a group of people who liked to work late, and the building would lock at midnight – the box by the door would start beeping and you would need to unlock it within a minute or so, or a “proper alarm” would ensue.

    However, to unlock the alarm you did not need your card – all you needed to do was to enter any valid code. Guess what the chance was that, say, 1234 was someone’s valid code? Yes.

    We’d all been using some poor guy’s code 1234, and after several years, when he left the company, we just guessed some other obvious code (4321) and kept using that.

    By the way, after entering the code to the box by the door, it would shortly display the name of the person whom the code “belonged” to. One of our colleagues took it as a personal secret project to slowly go through all 10000 possible codes and collect the names of the people, just for the kick of it.

    (By the way, I don’t work for that company anymore, and more importantly, the company does not use that building anymore, so don’t get any ideas! 🙃 )
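The weakness in the story is that the panel accepted any valid code rather than the code tied to the card being presented, so with several hundred employees the attacker is searching for one of a few hundred codes in a space of 10000, not for one specific code. The following is an added example, not part of the comment: a short Python model that puts numbers on that, both analytically and by simulating the colleague's walk through 0000..9999. It assumes codes are distinct and, optimistically, uniformly random; real people pick 1234, which only makes the attacker's job easier. The one-minute beep window and any lockout are not modelled.

```python
# Added example (not from the comment above): put numbers on "any valid code
# opens the door". With k valid codes in a space of n, every guess has k/n odds,
# not 1/n. Codes are assumed distinct and, optimistically, uniformly random.
import random

CODE_SPACE = 10_000  # four decimal digits


def hit_probability(valid_codes: int, space: int = CODE_SPACE) -> float:
    """Chance that a single guess matches any one of the valid codes."""
    return valid_codes / space


def expected_guesses(valid_codes: int, space: int = CODE_SPACE) -> float:
    """Expected number of distinct guesses until the first valid code when trying
    codes in any fixed order without repeats: (n + 1) / (k + 1)."""
    return (space + 1) / (valid_codes + 1)


def chance_code_is_assigned(employees: int, space: int = CODE_SPACE) -> float:
    """Chance that a specific code (say 1234) belongs to somebody, if codes were
    assigned uniformly at random. Human-chosen codes make this a floor, not an estimate."""
    return 1 - (1 - 1 / space) ** employees


def simulate_enumeration(valid_codes: int, trials: int = 2000,
                         space: int = CODE_SPACE, seed: int = 7) -> float:
    """Monte Carlo check of expected_guesses(): assign k random distinct codes,
    walk 0000..9999 in order like the colleague did, count guesses until the
    first hit, and average over trials."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        assigned = set(rng.sample(range(space), valid_codes))
        total += min(assigned) + 1  # guesses spent reaching the lowest assigned code
    return total / trials


if __name__ == "__main__":
    # k = 1 is what a card-bound code would give the attacker; the rest is "any valid code".
    for k in (1, 50, 300, 600):
        print(f"{k:4d} valid code(s): P(hit per guess)={hit_probability(k):.4f}, "
              f"expected guesses={expected_guesses(k):.1f}")
    print(f"P(1234 is someone's code, 300 uniformly random users)={chance_code_is_assigned(300):.3f}")
    print(f"simulated average guesses for 300 codes: {simulate_enumeration(300):.1f}")
```

The comparison that matters is expected_guesses(1) against expected_guesses(300): binding the code to the presented card keeps the attacker in a 10000-code search, while "any valid code" collapses it to a few dozen tries, well within what the story's beeping box tolerates over a few nights.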