When a computer stops behaving, the solution often involves looking up an obscure command and pasting it into the terminal -- even experienced administrators and programmers aren't immune to this, because remembering the exact syntax for commands you use once every couple of years is a chore.
For many years, security researchers have warned that CSS can be used to trick users by putting different text on the clipboard than the highlighted text on the screen, inserting malicious commands in place of innocuous ones.
The default Mac terminal warns users when they're pasting commands that contain a carriage return, and gives them the option of removing it. This seems like a good countermeasure to me -- I'd like a version for my terminal program that would let me always strip out CRs when pasting.
echo "not evil"
Will be replaced with
Note that a newline character gets appended to the end of the line. When a user goes to paste the echo command into their terminal, "evil" will automatically get echoed to the screen without giving the user a chance to review the command before it executes. More sophisticated payloads that hide themselves can also be used, such as the one demoed here and seen below:
echo "not evil"
This command will create an evil file in your home directory and clear the terminal out. The victim appears to have the command they intended to copy, nicely pasted into the terminal.
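The terminal-side countermeasure the post wishes for can be sketched as a small paste inspector. The following is an added example, not code from the post or from the Pastejacking repository: it looks at clipboard text before it reaches the shell, reports the properties that make a paste execute without review (a trailing newline or carriage return, several lines, hidden control characters), and returns a version with the line endings stripped, the way the macOS Terminal prompt the post describes offers to do. The function names and the sample pastes are constructed for this example.

```python
"""Inspect clipboard text before it is pasted into a terminal.

Added example (not part of the original post or the Pastejacking repo).
It mirrors the macOS Terminal behaviour the post describes: detect text
that would run on paste and offer a copy with line endings removed so
nothing executes until the user presses Enter. Function names and the
sample inputs below are constructed for this example.
"""
import unicodedata


def inspect_paste(text: str) -> dict:
    """Return a report of the properties that make a paste dangerous."""
    lines = text.splitlines()
    # Cc = "other, control": escape sequences and similar hidden bytes.
    # Tab, CR and LF are reported separately, so they are excluded here.
    control = [c for c in text
               if unicodedata.category(c) == "Cc" and c not in "\t\r\n"]
    return {
        # A trailing line ending makes the shell run the line immediately.
        "ends_with_newline": text.endswith(("\n", "\r")),
        "has_carriage_return": "\r" in text,
        "line_count": len(lines),
        # Extra lines are where a payload hides commands before the
        # innocuous one the victim expects to see.
        "multi_line": len(lines) > 1,
        "hidden_control_chars": len(control),
        "first_line": lines[0] if lines else "",
    }


def is_suspicious(text: str) -> bool:
    """True when the paste should be shown to the user before running."""
    report = inspect_paste(text)
    return (report["ends_with_newline"]
            or report["has_carriage_return"]
            or report["multi_line"]
            or report["hidden_control_chars"] > 0)


def strip_line_endings(text: str) -> str:
    """Remove every CR/LF from the paste.

    Internal line breaks are joined with a single space rather than
    deleted, so a multi-line payload stays visible as one line that the
    user has to review and confirm before anything runs.
    """
    pieces = text.replace("\r", "\n").split("\n")
    return " ".join(p for p in pieces if p != "")


if __name__ == "__main__":
    # Constructed sample pastes shaped like the cases the post describes.
    samples = [
        'echo "not evil"',                       # what the user saw
        'echo "evil"\n',                          # trailing newline
        'touch ~/.evil\nclear\necho "not evil"',  # hidden commands
    ]
    for s in samples:
        print(repr(s), "->", "SUSPICIOUS" if is_suspicious(s) else "ok",
              "| stripped:", repr(strip_line_endings(s)))
```

In a real terminal this check would sit in the paste handler, between reading the clipboard and writing to the pty; the report is what the confirmation dialog would show, and `strip_line_endings` is the "remove" option.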
Pastejacking [Dylan Ayrey/Github]
(Image: DEC VT100 terminal, Jason Scott, CC-BY)