1. 60
  1. 11

    This article is of very low quality: it reports on two uninteresting facts (retrieving code via HTTP and loading a DLL from the current directory). Why is it upvoted so much?

    1. 14

      Two relevant points at least: (1) an unverified binary is downloaded and installed and (2) on Windows, outdated and likely exploitable versions of OpenVPN and OpenSSL are installed.

      Then there’s the other more trivial stuff in the article that may or may not be interesting.

      Despite the abrupt nature of the article, it seems worth talking about.

      1. 4

        Yeah, I’m kind of appalled that the author completely glossed over the setup step where you download the script asking you to send your password over an unsecured connection. Forget about a man-in-the-middle attack that switches the script; all you need is to log the HTTP requests and you get the user’s password.

        1. 4

          They seem to stop because “they couldn’t be bothered” right where things could be about to get interesting. Which is fine ofc, that’s their prerogative, but it leads to a largely uninformative article.

          1. 1

            Yeah, something has got to be wrong here. How can an article have 49 upvotes but not a single comment in its first 13 hours?

            1. 8

              It’s an interesting find but not super engaging. It’s gross incompetence with very much not industry best practices. There isn’t much to learn from this other than “don’t write sketchy code”.