If you think the security of static websites doesn't matter, *imagine* if someone maliciously altered the "copy and paste" instructions for Let's Encrypt. Would you detect the change? (Image below is faked, but you get the point. I'm just using Let's Encrypt as a common example.)


@climagic

Some of our readers asked us what is wrong with our code snippets. They simply copied and pasted them, including some generic and clearly-marked placeholders.

So it is not that unlikely that some people blindly install or configure software on their servers.

@infosechandbook @climagic on our wiki at work we tend to prefix shell snippets with # to help protect against this.

Unfortunately stackoverflow style copy/paste without engaging the 🧠 is super common!

@infosechandbook @climagic I don't know your specific case, but it might help to explain just a bit what the code snippet does. More often than I wished I find myself executing one-liners where I don't know *precisely* what they do simply because it's the only solution I found on the Internet... (And I do have a tech background.)

Also, I would find it more helpful sometimes if less clever solutions would be offered (with less piping and temp files - more than one line is okay for me!)
