pulsewidth
@pulsewidth@lemmy.world
- Comment on King Charles hopes nature film will 'inspire' viewers 1 week ago:
‘Hopefully someone with power will watch my documentary and make positive policy changes for the environment’, lamented the literal king.
- Comment on Wear your seatbelt 1 week ago:
They’d been taught the reason for seatbelts, then they had to learn a lesson about being disrespectful and ungrateful.
- Comment on Steam, Riot Games hit by disruptions: massive DDoS attack suspected 1 week ago:
I played a few DoTA games with friends while this was occurring and twice during gameplay approximately 10 seconds of play experienced some server-side lag for everyone in the game - there were moments of confusion that rapidly passed. Steam ops team did well.
Truly a tremendous impact and a fantastic use of the attackers time and resources.
- Comment on Motion sensors in high-performance mice can be used as a microphone to spy on users, thanks to AI — Mic-E-Mouse technique harnesses mouse sensors, converts acoustic vibrations into speech 1 week ago:
Sadly no. The only way is to come up with countermeasures.
- play music through speakers while using mouse
- leave rumble gamepad playing demo of game on desk
- put vibrator set to ‘random pulse mode’ on the desk
- Comment on At least 16 injured as shots fired in Sydney's inner west [no reported deaths] 1 week ago:
Angry old white man
shouts at cloudsshoots at crowds. - Comment on Y = -x² 2 weeks ago:
Someone with colourblindness and also regular blindness.
- Comment on Does more expensive phones have better reception? 2 weeks ago:
Not a great example of the improved reception of metal frame phones, because it was the iPhone 4 that lost reception quality significantly when it was held on the metal sides and your finger/hand happened to be near the lower left corner. This was a perfectly natural way to hold the phone and most impacted left-handers.
Apple famously responded by saying “you just need to not hold it like that”, rather than admitting an engineering mistake.
- Comment on Is Star Trek Discovery that bad? 2 weeks ago:
Cool. Power to you - we clearly have differing tastes. OP was on the fence and asked for an opinion so I gave mine, not sure who else I’d be speaking for. Now you’ve given yours, so they’ve even wider opinions 👍
- Comment on Is Star Trek Discovery that bad? 2 weeks ago:
Go ahead. Watch it. 🤷🏻
- Comment on Is Star Trek Discovery that bad? 2 weeks ago:
If you’re a fan of older Star Treks it’s bad, real bad. I watched until the end of season 2 with my partner and had to bail. Everyone above has given good reasons why, I’ll add one I haven’t seen: the lead actress (Soneqa Martin-Green?) overacts Michael Burnham. She overdramatizes almost every scene, to the detriment of the believabolity of the in-universe world, I tried to overlook it but found it grating. I told my partner that half-way into season two, and she responded that she doesn’t really see it. Then about five seconds later Burnham is raising her voice to a senior officer and on the verge of tears over nothing… a minor misunderstanding. Partner laughs and goes, “ok yeah I see it”.
I’d rewatch Enterprise 100 times over ever watching Discovery again, and Enterprise is probably my least favourite pre-2010 Trek, if that helps you.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
The difference is that passworded zip files are used to distribute malware regularly. For a few reasons such as they’re very simple to use (malware creators are often lazy) and they can be generally be unpacked with preinstalled libraries or programs on the OS. A random encrypted file will require a DLL or runtime that can unpack the blob, and antivirus engines find that kind of stuff packaged together very sus.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Thanks for the effort digging. This does not actually point out any game doing it in particular though, and it’s actually a perfect example of a working antivirus picking up a suspect file (a password protected archive) in a game’s install tree.
This is from Aug 2024 and could even be from one of the games that distributed malware. Its absolutely something that Steam should be blocking/flagging for manual review, and a huge red flag that any developer would use this as a tool for distributing their game content.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Good it is not when the recommendation from security experts and reporters is to avoid any Steam games with low numbers of installs / reviews and betas from small companies. That’s where we’re at now.
bleepingcomputer.com/…/verified-steam-game-steals…
Nobody reviews game code, as game code is not supplied, only binaries with their relevant resources. There are many security providers that would be able to provide better service that whatever Valve is doing - but who knows, because they keep tight-lipped about it every time there’s an issue, and just patiently await their defenders to hand-wave any concerns.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
It literally contained a known version StealC malware in its payload, and had basic python scripting with the Telegram bot code and access tokens left visible to researchers (very bad OSINT). This was not sophisticated scripting, nor novel malware, just some script kid that sourced the whole setup on Telegram. The malware would easily have been captured by a competent security company’s automated scanner.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Citation please for any indie dev using passworded zip files to lock game content. That would be a pretty dumb approach given all retail security suites / antiviruses will flag a password-protected archive as suspect by default (because they’re so commonly used in the past to distribute malware).
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
All they’re expected to do is pay for upstream providers to scan their submissions (eg third party security providers), no need to hire new staff. This is the fourth instance publicized this year! They should communicate regarding issues like OPs - but like usual, it’s crickets.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
They’ve already missed four instances of malware this year that have been publicly reported. How many have other storefronts missed?
I don’t see why asking them out to improve is an unbalanced response or unfair, given the enormous budget they have and the market dominance.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Who said you need to pay more for games? Steam already takes thirty percent of sales (for the vast majority of sales), they are a $10b+ game distribution company… They’re worth more than several leading security/antivirus companies combined.
I just don’t understand the mindset people get around Steam. They are a business that makes a fortune distributing games, run by a billionaire - they are not a little indie company struggling under the weight of their success.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Well since Steam provide absolutely zero details about their scanning process (or even if it exists), seems like conversely people are making a lot of really complementary assumptions about Steam, no?
This is certainly not the first malware distributed by Steam - this is in fact the fourth publicly-known instance just this year.
Seems like they need to step up their game if you ask me. - Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.
Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware even payload explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.
(See comments about for explicit details regarding the malware)
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Dumb take. There are many ways to scan software without needing access to the source code.
Do you think retail antivirus providers approach every developer of every program version to request a copy of their source code for review before they can verify it’d safe?
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
A password-protected zip file should have been flagged by Steam as suspect before they approved the update, its a very old and very common method for detection bypass.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
And there are so many ways to detect the bypasses. It’s an arms race, and the most profitable games store of all time should really have a cutting edge system to deal with it is all I said.
Windows should have better security too, but the two thoughts can be held in the mind at the same time.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Its “not feasible to do a full scan of every update of every game”?
My friend the scans are automated. Is Steam strapped for cash this month?
Honestly the apologia here for Steam is pretty rank.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
Its also trivial for apps detecting any trivial attempts at scanning if they’re running in a VM to be detected, and masked.
Those are also valid concerns, but in an environment where admin rights are granted to games installers the vendor of the games (Steam) needs to adopt a highly curated and protective stance. To this date they provide zero details of their protection - their entire FAQ on malware on their store boils down to ‘if you find malware, please flag it on the store page for us to investigate’.
If anyone is gonna claim the steam store is highly curated… I’d point out to them that a very large amount of their store is shovelware asset flips with very few purchases and installs. There are over 150,000 games on Steam, and tens of thousands of them would fall into that category.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
I didn’t say they dont scan for malware, I said it “should be to a very high standard”, fully understanding they already do.
- Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform 3 weeks ago:
It really isn’t. Scanning code for vulnerabilities should be at a very high standard for the dominant and most wealthy game platform on Earth.
Very standard practice for malicious software scanning is to install the program in a virtual environment and then monitor its processes to see if it’s performing malicious activities: eg keylogging while a background process (eg alt-tabbed), or if it interacts with browser data (trying to get saved auth cookies or saved account info), running searches for strings that are common for crypto wallets, etc.
Its entirely possible that Steam has dropped the ball in a big way here.
I can only imagine the animosity in the comments if it was from a game on the Epic store or Ubisoft UPlay…
- Comment on YouTube will let users booted for 'repeated violations' of COVID, elections policies 'rejoin' 3 weeks ago:
They are swinging with the political wind and falling behind the administration to get favourable legislation and preferential treatment.
If a heap of people die in the process due to misinformation - they don’t care.
Don’t, be evil. - Comment on Ubisoft's Saudi-funded Assassin's Creed DLC provokes staff unrest, but the publisher insists partnering with the controversial regime is A-OK 4 weeks ago:
Is everything critical of Saudi Arabia Hasbara propaganda?
I hate Saudi Arabia’s leadership and brutal oppression of their people. Obviously, Kashoggi. Obviously, funding terrorism worldwide. Personally, a friend of mine witnessed a state beheading simply by being in the wrong place at the wrong time while he was working in SA (he was an Indian immigrant worker) - scarred him for life.
Hasbara are in the walls so I presume they saw me type that out and I’ll just patiently await my cheque.
- Comment on Anon doesn't fit in 4 weeks ago:
When people are young adults, their attraction to their preferred sex is peaking, maybe you’re different, but for most people it does feel like a need.
Not that OP actually mentioned ‘need’ anywhere in their long post…