28
WinRAR security flaw ignores Windows Mark of the Web security warnings
(www.tomshardware.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 07 Apr 2025
28 points (100.0% liked)
Cybersecurity
7238 readers
136 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
It's not.
Go ahead and look through your filesystem. Just random parts of it. Count the number of things you downloaded off of the Internet. And yes, all of those files you extracted from an downloaded archive still count as downloaded from the internet.
If you're using Linux, the ISO you downloaded is from the Internet. All of the security patches and updates were downloaded from the Internet. Every single web site you visit was downloaded from the Internet. If you wanted to use a new program, you downloaded it from the Internet. If you created a new file, chances are good that you used some sort of cloud-based service and it was downloaded from the Internet.
There's a reason why Apple got rid of the CD-ROM drive. Because nobody was fucking using it and everything is installed off of the fucking internet! I was going to say that I haven't touched my CD-ROM drive in ages, but then I looked down and realized that I don't even have one installed on this PC.
Putting a "Mark of the Web" on a file is functionally useless. It's like putting a boolean on a file that says "this came from a computer".
Stop cherry-picking. If 95% of your HDD's files are downloaded from the Internet, including all of your OS and security patch files, marking all of them as "insecure" isn't a valid security method. It invites a ton of false positives, and is practically useless.
Also, stop assuming my age, my height, and who I am. I know what it used to be like pre-Internet, but it's not like that any more.