back to article Homebrew fixes Cask repo GitHub Actions bug that would have let anyone sneak malicious code onto machines

The Homebrew package manager for macOS and Linux has fixed an issue that could have been exploited by miscreants to run malicious code on people's computers. Specifically, the project's GitHub Actions setup could have been abused to sneak arbitrary Ruby code into its Cask repositories, security researcher RyotaK discovered …

  1. Claptrap314 Silver badge

    Adjust the law a bit

    Just take this, and expand:

    1. Michael Wojcik Silver badge

      Re: Adjust the law a bit

      That wouldn't significantly decrease the ransomware infection rate.

      The economics are all wrong. Creating ransomware is inexpensive and has non-tangible returns such as intellectual curiosity and bragging rights. Deploying ransomware is nearly free; it's largely done by botnets and other automated systems. The success rate for ransomware attacks can be very, very low and still produce a positive return on investment.

      Some victims will bypass any legal constraints in order to pay. Legal liability is a future risk; lack of access to data is a present risk. People overestimate present risks and underestimate future risks – that's why we continue to see stupid crimes with poor rate-of-return (such as bank robbery) being committed.

      Consequently, attempts to cut off payment will not have much effect on ransomware attacks. They'll be no more effective than the War on Drugs (or, worse, the idiotic "War on Terror").

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like