Or worse
sudo curl URL | bash
made even worse by the fact that it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side.
This means the attack can be "invisible", as a cursory glance at the output of the curl can be misleading.
You _have_ to curl with piping the output into a file (like | cat), and examine that file to detect any anomaly.
alt Hacker News
made even worse by the fact that it's possible to detect a pipe vs just standard out display of the contents of curl, from the server side.
This means the attack can be "invisible", as a cursory glance at the output of the curl can be misleading.
You _have_ to curl with piping the output into a file (like | cat), and examine that file to detect any anomaly.