I set up a quick demonstration to show risks of curl|bash and how a bad-actor could potentially hide a malicious script.
It’s nothing new or groundbreaking, but I figure it never hurts to have another reminder.
I set up a quick demonstration to show risks of curl|bash and how a bad-actor could potentially hide a malicious script.
It’s nothing new or groundbreaking, but I figure it never hurts to have another reminder.
It’s really only about trusting the source. Your operating system surely has thousands of scripts that you’ve never read and never checked. And wouldn’t have time to. And people don’t complain about that.
But it’s really bad practice to run random things from random sites. So the practice of downloading a script and running it is frowned upon. Mostly as a way of maintaining good security hygiene.