• kinther@lemmy.world
    link
    fedilink
    arrow-up
    2
    arrow-down
    10
    ·
    19 hours ago

    I mean a simple

    grep -r “string” *

    Does wonders to find anything, but you need to know what you’re looking for. I’d probably look for DNS names that end in government or China specific TLDs to start with.

    • PotatoesFall
      link
      fedilink
      arrow-up
      26
      ·
      15 hours ago

      grep -r "evil spyware" *

      nothing? awesome, I guess this software is safe to use. Let’s gooo

    • Badabinski@kbin.earth
      link
      fedilink
      arrow-up
      9
      ·
      16 hours ago

      it’s trivial to break that approach by obfuscating strings. You can do things like using base64 encoded strings in the source code, building strings from smaller component parts, or using rot13 on, say, the host component of a URI. That last one could be pretty interesting if you, as a threat actor, owned both permutations. The hostname (minus TLD) in the source code could be the nice, human readable version (www.happysite.org) that appears to be something legit. Then, when you rot13 it to www.uncclfvgr.org, traffic is sent to the evil site doing scary things. People can be far more tricksy than that. There’s also the whole issue around whether or not the binaries you’re running actually match the code in the repo. The xz kerfuffle showed how much can be hidden that way.

      EDIT: I should make it clear that I don’t use Deepin or the DE it provides because I only use WMs with no desktop, so the distro and DE are of no interest to me. I don’t know if it’s a security hazard or not, I have no horse in this fight.