I feel personally attacked. Yes I’ve actually done this (minus sending them money). I had a server (that I am pretty sure sent headers to the effect that it ran x86) which had some logs indicating someone had tried to download an arm IOT botnet onto it. So I downloaded it and tried running it through a decompiler. I found a UPX stub. The rest was compressed. So I tried the UPX unpacker. This didn’t work because it was built with a modified copy of UPX. So I hauled out a raspberry pi, reflashed the OS and tried running it in GDB in hopes of just dumping the unpacked bit from memory. Nothing. So I downloaded qemu and set up an aarch 64 arm 9 image still nothing. So I tried 32 bit arm again in qemu. At this point I gave up
Attacker will steal your browser cookie the same way it does without flatpak. If you have poor security hygiene and bad habits, flatpak nor anything else will save you.
if yoy fuck over with the default package manager, the attacker has your system, if you fuck over with flatpak, they have your browser cookie, my point still stand
sure, nothing beats good security hygiene and habits, but another security layer(plus others flatpak benefits) are a good thing
What you are describing here is fase feeling of security. Many flatpaks have access to your home dir by default. This is already security flushed down the toilet. Browser is the biggest attack vector nowadays and this is where your accounts reside. Worrying about package manager while not giving a shit sbout bank account seems out of place.
Add comment