this post was submitted on 16 Dec 2023
5 points (57.6% liked)

No Stupid Questions

35833 readers
1435 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

for example if i only use it to browse the internet and maybe download games from play store but i dont install extensions and use https only, can i still be hacked and my operating system destroyed?? what can i do to avoid that?? i only use my chromebook for python

all 19 comments
sorted by: hot top controversial new old
[–] RightHandOfIkaros@lemmy.world 41 points 11 months ago (3 children)
[–] Kache@lemm.ee 9 points 11 months ago

Technically, anything can be "hacked", but that's the same kind of technically as "any car can be broken into".

Just like there are ways to mitigate getting your car broken into, there are ways to mitigate getting your system compromised.

[–] iamanurd@midwest.social 2 points 11 months ago (1 children)

I came here to write exactly this. Except a rock. A rock cannot be hacked.

[–] RightHandOfIkaros@lemmy.world 5 points 11 months ago* (last edited 11 months ago)

If you think about it, computers are just rocks that humans tricked into thinking.

Rocks can be hacked. Especially rocks.

[–] Synthead@lemmy.world 2 points 11 months ago

Exactly. Just be responsible and don't do anything dumb with your security. Do the typical stuff right like using a password manager and updating your software often. With your programming, don't skip ssl validation, don't have unauthenticated connections that matter, don't shell out, etc. On your local system, use permissions correctly, keep a local firewall, and all that good stuff. You should be fine, but it's never 100%.

[–] 0x4E4F@sh.itjust.works 13 points 11 months ago* (last edited 11 months ago)

Rule of thumb: If a human made it, it can be hacked/cracked/disassembled/reverse engineered.

[–] breadsmasher@lemmy.world 13 points 11 months ago

Plenty of malicious apps on the playstore

[–] FuglyDuck@lemmy.world 8 points 11 months ago

…if i only use it to browse the internet and….

Any and every device connected to the Internet net can be hacked. I’m not sure why they’d want to, however.

Even if your data was of particular value, it’d be far more cost effective to just pay Google for it.

[–] governorkeagan@lemdro.id 6 points 11 months ago

You don’t necessarily need to do something for the device to be hacked. There could be an exploit that affects all devices running ChromeOS (or any OS for that matter).

TL;DR: Yes you can.

[–] BarrierWithAshes@kbin.social 3 points 11 months ago* (last edited 11 months ago)

You'll be fine. Just dont visit shady websites and do fall victim to phishing. The other comments in the thread are good advice too.

Also give this a read since you're using Python. It could happen to you: https://arstechnica.com/information-technology/2022/08/10-malicious-python-packages-exposed-in-latest-repository-attack/

[–] zeppo@lemmy.world 3 points 11 months ago

Operating systems that are locked down like iOS or ChromeOS remove one major vector of compromise, which is people accidentally or being tricked into installing malicious programs. However, explicit installation is different than an exploit, which can be triggered by a text message or merely visiting a webpage. For instance, there has been a string of iOS exploits related to iMessage attachment processing, or the explot related to webp that was revealed a few months ago. So, yeah, but on ChromeOS, who cares? You can reset it easily and your files are stored on Google servers, anyway. Use 2FA for your account and if you're not a high profile target, it's unlikely anyone will try that hard.

[–] pruwybn@discuss.tchncs.de 1 points 11 months ago (2 children)

At first I thought this was about the band Chromeo.

[–] Thavron@lemmy.ca 3 points 11 months ago

I thought it was about a cereal called Chromeo's

[–] muse@kbin.social 2 points 11 months ago

Don't turn the lights on
Cause tonight I'm gonna hack you in the dark 🎶

[–] SnotFlickerman@lemmy.blahaj.zone 0 points 11 months ago (1 children)

Do you have security clearance?

Does your job involve any confidential (in any way, trade secrets, etc) information?

Do you work in any sort of IT or information security?

Those are the kind of things that make you a target of hacking. Generally, if you're not out dilly-dallying about in dangerous, unsavory parts of the internet, you're not risking getting infected. So, you would have to be a target.

Most people are not targets. We ignore spam emails because we recognize them. We don't go to strange websites because we don't recognize them. Most of us have menial jobs where we have little control or access and so targeting us for corporate espionage would largely be pointless. Even if you work a menial job that is targeted (you work at a T-Mobile outlet, for example, which have seen thefts of the customer-service devices used to modify people's accounts) it's not you being targeted, it's the company.

If you have reason to believe you may be a target, then you probably need to take more precaution.

However, if you're just a fucking Joe Schmoe like myself, it's probably a slightly overblown worry and you should be fine.

[–] marietta_man@yall.theatl.social 7 points 11 months ago* (last edited 11 months ago) (1 children)

Plenty of actors carpet bomb malicious content and would be happy to make $1000 in BTC ransoming grandma’s computer.

[–] ahornsirup@sopuli.xyz 3 points 11 months ago (1 children)

Or just straight up mine that crypto on someone else's power bill. Much less obvious, so people may not even realise that their systems are compromised.

[–] whaleross@lemmy.world 2 points 11 months ago

Or bot nets that do nothing until somebody pays the owner to deploy an untraceable proxy or brute force or ddos attack. There are so many reasons for bad actors to hit up as many machines as possible, regardless who is behind the keyboard.