Thank you for your service.
I use keepassxc and although I’m unlikely to ever install it any other way than through my distro’s package manager without 3rd party repos, this is good to know and hits a personal note.
Fuck all nefarious hackers and scammers. I just re-installed my server and installed crowdsec on it not 24 hours ago, and already got 20 000 bans. Twenty thousand! It’s getting worse and worse and worse and worse.
i’m brand new to linux after decades of windows. is there a comprehensive resource that talks about security on linux beyond just “linux is super secure don’t worry about it”? i feel like the more people continue to ditch windows, the more scammers are going to focus their energy on linux, and i know next to nothing
edit: thank you for all the responses
https://wiki.archlinux.org/title/Security
Applicable to most Linux distros.
That’s a lot of advanced shit, which can totally bork a system. What average user paths can we take program wise or etc?
Like a Linux Mint user for instance whose first stop is diving into a Linux distro of their choice and wanting to gain 80 percent of the gains with 20 percent of the hassle and maintenance.
Basic internet precautions: if you’re looking at a GitHub for a famous piece of software that has only 250 total downloads, double check the URL; read any commands before you run them and compare to documentation if you’re unfamiliar with a piece of one; if you run something in docker or similar containerization for any reason, make sure you set the PUID and GUID of the containers to a user other than root or they’ll be root by default.
You don’t want anything that advertises next generation encryption. You want tried and true encryption. You want boring encryption.
But post-quantum…
Then you want them to advertise NIST PQ standards
… Which is also not necessary for single user password databases anyway
Yes it is necessary just as my homelab needs to have enterprise hardware and be georedundant. Statements like yours make my very reasonable self hosting purchases hard to financially justify.
The standards are royalty free, so I’m not sure what that has to do with anything
(it’s a joke)
Bad joke
I’m not sure who they were trying to fool? Bluntly, if you’re keeping your passwords in a local repo using strong encryption via something like keepass, you’re generally not the kind of person to see “KeePassXE Pro ultra mega best edition” and blindly download it without vetting the source…