Hacker News new | ask | show | jobs
by Shellban 342 days ago
Whether or not SteamOS installed them is irrelevant. All the hacker would need is to compromise a machine that had some sort of remote access to other devices (ssh in this case, with some sort of keylogger to decrypt the private key).
1 comments
nulld3v 342 days ago
You are not compromised unless you specifically installed one of these 3 packages on one of your machines:

- librewolf-fix-bin

- firefox-patch-bin

- zen-browser-patched-bin

The packages were only available for download for 3 days, and the only way you could have installed them is if you explicitly typed one of the package names into your terminal within those 3 days.

Did you do that? If no, then you are not compromised.

link
pndy 341 days ago
I wonder if this is really about compromised packages or rather in wider view trying to paint Arch, AUR as insecure.
link