|
Knormal posted:I don't think any operating system has anything to prevent a program written to take screenshots from taking screenshots. If there's a way to capture a screenshot from something passive like a web page then yeah, that's a problem, but if an app wants to be malicious it can just be a keylogger and not bother with screenshots and OCR. Bottom line as always is don't install apps you don't trust. I think their point was if you use a "Security Sandbox" like the blog posts mentions, then that sandboxed process should be untouchable by anything else in the system. Since you know, that's sort of the point of a sandbox.
|
# ? Feb 16, 2018 05:24 |
|
|
# ? May 28, 2024 14:56 |
|
Knormal posted:I don't think any operating system has anything to prevent a program written to take screenshots from taking screenshots. If there's a way to capture a screenshot from something passive like a web page then yeah, that's a problem, but if an app wants to be malicious it can just be a keylogger and not bother with screenshots and OCR. Bottom line as always is don't install apps you don't trust. A given application should not have access to anything outside it's own context. Taking a screenshot of it's own window is OK (subject to some dogmatic nerd poo poo) but being able to capture the entire display is capital F hosed. To the best of my knowledge, no win32 application has the ability to capture outside of its own window except for whatever the screen snip tool is dot exe. Windows NT (aka 2000, XP, and on) is actually pretty good at separating user/superuser on the back end. Microsoft has traditionally failed at preventing people who aren't experienced computer touchers from shooting themselves in the foot. 'I need to install a thing!': The entire screen dims out except for the 'Are you sure about this?' prompt. 'This poo poo app from 1995 needs to write to its own directory but our entire business depends on it.': I could go through UAC every time I run this critical app or I could just turn off UAC. *continues not backing critical data up to a 2nd source* *later that day* 'Ugh some Eastern European is asking for half a bitcoin to get my word docs back. Microsoft is bad!!' E: The true schad is me
|
# ? Feb 16, 2018 05:52 |
|
https://i.imgur.com/yqPGnDQ.gifv sucks that its instinct was to put all of its weight onto a tiny area
|
# ? Feb 16, 2018 06:08 |
|
Burt Sexual posted:Crabs eat sand This kills the LA Beast.
|
# ? Feb 16, 2018 06:13 |
|
Solice Kirsk posted:Nothing gold can stay. Stay gold Beasty boy, stay gold.
|
# ? Feb 16, 2018 06:13 |
|
goatsestretchgoals posted:A given application should not have access to anything outside it's own context. Taking a screenshot of it's own window is OK (subject to some dogmatic nerd poo poo) but being able to capture the entire display is capital F hosed. Any browser can do desktop sharing through webrtc. Any application could scrape the whole screen if it wanted.
|
# ? Feb 16, 2018 06:17 |
|
There are tons of third-party Windows screen capture apps of various levels of trustworthiness, think Snagit or Twitch streamers down to Unregistered HyperCam2. Running an app sandboxed isn't a full virtual machine, it's isolated from other apps but it can still read from basic OS functions. I guess it depends on how robust you expect the sandbox to be, I would assume basic sandbox that comes with MacOS isn't ultra-locked down and makes some concessions for user-friendliness, but admittedly I've never used it. From a quick skim of this that looks to be the case, if I grant an app permission to access my Downloads folder, which I would assume just about everyone lets every app get, then there's nothing stopping it from reading mycreditcards.txt. While it would be ideal if a sandboxed app could only "see" its own window I'm not sure that's feasible to implement with current graphics implementations, other than running each sandboxed app with its own graphics stack which would get incredibly resource-intensive. But my ultimate point was that this isn't some basic oversight by Apple like the "one character causes the OS to crash thing", considering Windows doesn't offer native sandboxing home users at all this is more like a Meltdown/Specte kind of "oops didn't think of that" oversight than bad coding. Edit: It looks like sandboxing under Linux does by default does create its own entire separate instance of an X server, so I guess someone had thought of that. Knormal has a new favorite as of 06:41 on Feb 16, 2018 |
# ? Feb 16, 2018 06:26 |
|
"Walk around me, humans" https://i.imgur.com/Ojbose1.gifv
|
# ? Feb 16, 2018 06:28 |
|
syscall girl posted:Microsoft did the same thing with font rendering in the kernel and had similar problems iirc. You can't install a font on windows 10 without the firewall active.
|
# ? Feb 16, 2018 06:49 |
|
Tunicate posted:You can't install a font on windows 10 without the firewall active.
|
# ? Feb 16, 2018 07:29 |
|
Fuzzy Mammal posted:Any browser can do desktop sharing through webrtc. Any application could scrape the whole screen if it wanted. Yes. The reason no hacker has posted github code on how to do this on windows is becuase microsoft did like, years ago, there is no challenge https://msdn.microsoft.com/en-us/library/dd183402(v=vs.85).aspx Couple that with microsoft pretty much never wanting to deprecate anything and yeah. https://www.codeproject.com/Articles/5051/Various-methods-for-capturing-the-screen The fact that ordinary applications like photoshop or Krita or The Gimp can just eyedropper any color pixel from any other app should give a hint that yeah, there's no sandboxing really whatsoever. There's no permissions to ask for, no manifest files to fill in, no sandbox to escape from. The fact that its happening in a MacOS sandbox is what makes it interesting because there is the presumption of sandboxing. They're actually trying to sandbox apps and protect them from each other, so when someone finds a hole in the sandbox its interesting. On windows there's no such presumption vektuz has a new favorite as of 08:35 on Feb 16, 2018 |
# ? Feb 16, 2018 08:29 |
|
Linked for size https://gfycat.com/EveryMiserlyHornedtoad
|
# ? Feb 16, 2018 08:54 |
|
Applesnots posted:Stay gold Beasty boy, stay gold. *LA Beast holding fathers cremated remains on the edge of a pier* "I won't scatter your ashes to the heartless sea. You're all diamond subscribers to me. Like and Subscribe, dad." *Awkwardly wolfs down ashes* "Urk, it's got a texture to it, like grits. Not too bad when you Siracha up the cremains though."
|
# ? Feb 16, 2018 10:04 |
|
Away all Goats posted:Linked for size Oh man, I'm garbage at these puzzles.
|
# ? Feb 16, 2018 10:09 |
|
Poops Mcgoots posted:Oh man, I'm garbage at these puzzles. Start executing people who don't wait for their exit to be clear. Puzzle solved.
|
# ? Feb 16, 2018 11:21 |
|
Aramoro posted:Start executing people who don't wait for their exit to be clear. Puzzle solved. But then you just have a car without a driver stuck in the exit. This is a really poor strategy.
|
# ? Feb 16, 2018 16:21 |
|
SpacePig posted:But then you just have a car without a driver stuck in the exit. This is a really poor strategy. Execute the car too. Lay down with humans, wake up stuck in traffic.
|
# ? Feb 16, 2018 16:37 |
|
iospace posted:"Walk around me, humans" Would've kicked the poo poo out of that cat.
|
# ? Feb 16, 2018 16:40 |
|
I'd give it a friendly pet
|
# ? Feb 16, 2018 16:49 |
|
biracial bear for uncut posted:Would've kicked the poo poo out of that cat. It would have given you a disdainful look and shuffled 2cm to the left.
|
# ? Feb 16, 2018 16:49 |
|
We apparently have very different definitions for "kicked the poo poo out of".
|
# ? Feb 16, 2018 16:51 |
|
biracial bear for uncut posted:Would've kicked the poo poo out of that cat. Shame you didn't; We would be featuring you in a video in this thread shortly after methinks...
|
# ? Feb 16, 2018 17:03 |
|
I would have tried to put a "Kick Me" sign on the cat, then after that failed I would go to the doctor to clean my wounds.
|
# ? Feb 16, 2018 17:03 |
|
I would have done my usual procedure for a cat being annoying; pick it up and pet it and call it silly names and wave it around randomly until it flees out of sheer embarrassment.
|
# ? Feb 16, 2018 17:06 |
|
biracial bear for uncut posted:We apparently have very different definitions for "kicked the poo poo out of". Apparently you are a psychopath who lusts to hurt animals who slightly inconvenience you.
|
# ? Feb 16, 2018 17:23 |
|
Shnag posted:Apparently you are a psychopath who lusts to hurt animals who slightly inconvenience you. LOL if I'm supposed to have any kind/generous feelings towards the animal equivalent of a race of Jeffrey Dahmers.
|
# ? Feb 16, 2018 17:26 |
|
Definitely a pyschopath. Furthermore: quote:Sony once turned down a chance to buy all of Marvel’s movie rights for only $25 million
|
# ? Feb 16, 2018 17:27 |
|
biracial bear for uncut posted:LOL if I'm supposed to have any kind/generous feelings towards the animal equivalent of a race of Jeffrey Dahmers. your an awesome person.
|
# ? Feb 16, 2018 17:30 |
|
enigmahfc posted:your an awesome person. Yeah, well, we're all in the Schadenfreude thread. Good job on the bad grammar, by the way.
|
# ? Feb 16, 2018 17:35 |
|
biracial bear for uncut posted:Yeah, well, I''m a piece of human garbage. Thank yuo
|
# ? Feb 16, 2018 17:36 |
|
https://twitter.com/TIME/status/964529896797204481
|
# ? Feb 16, 2018 17:57 |
|
biracial bear for uncut posted:Yeah, well, we're all in the Schadenfreude thread. Nonchalant endorsement of animal cruelty is one thing, but pedantry? This is a bridge too far.
|
# ? Feb 16, 2018 17:59 |
biracial bear for uncut posted:Would've kicked the poo poo out of that cat.
|
|
# ? Feb 16, 2018 18:01 |
|
Say Nothing posted:This guy is going to be murdered. Yes. And he will be murdered in a way that creates a new category of war crime. Kim Jong Un had his half-brother killed. The hit was carried out with VX. A couple of random young women in Malasia were recruited by N. Korean agents pretending to be running a reality TV prank show: "Smear this goo on the face of that man over there! It will be hilarious!". VX is a chemical weapon that has been completely banned everywhere. Simple possession of ANY amount is automatically considered an atrocity; actually using it to kill people is grounds for national governments around the world to start making plans to invade your country (obviously most of these discussions amount to nothing, but you do get some infamy). So I'm gonna say that KJU-impersonator is going to die in a way inspired by a James Bond movie.
|
# ? Feb 16, 2018 18:17 |
|
Anyone know what happened for Lowtax to get banned from Twitter again? https://twitter.com/steak_umm/status/964521901690359811
|
# ? Feb 16, 2018 18:23 |
|
Transmogrifier posted:Anyone know what happened for Lowtax to get banned from Twitter again? I bet it was because he called AR-15s lovely guns yesterday
|
# ? Feb 16, 2018 18:25 |
|
Transmogrifier posted:Anyone know what happened for Lowtax to get banned from Twitter again? Didn't he tell Baked Alaska to drown himself in concrete or similar? edit: Again? You mean he got back on after Baked Alaska?
|
# ? Feb 16, 2018 18:26 |
|
Aramoro posted:Didn't he tell Baked Alaska to drown himself in concrete or similar? He did.
|
# ? Feb 16, 2018 18:28 |
|
|
# ? Feb 16, 2018 18:35 |
|
|
# ? May 28, 2024 14:56 |
|
Aramoro posted:Didn't he tell Baked Alaska to drown himself in concrete or similar? Yeah, @lowtax was suspended because of the concrete comment. Not sure what happened with this one.
|
# ? Feb 16, 2018 18:38 |