With all the discussion around the Bitcoin whitepaper being discovered in macOS, I think it’s important to take a step back from a security perspective.
All of these posts on Twitter and elsewhere said “Open the terminal and run
some command
to see the Bitcoin whitepaper!” I’ve intentionally omitted the command here.For those in the technology security industry, you’re aware of the risks running an arbitrary command on the command line. But many others are not aware of the risk.
I want to put this simply:
Do NOT run commands directed by internet strangers in your terminal*
* unless you know what you’re doing
There are infinitely many bad things that can happen from copy-pasting some command into the terminal and running it. These can range from downloading malware, wiping your hard drive, exfiltrating sensitive data, etc.
In this particular case, the command was pretty transparent about what it was doing and was safe. But that’s not a guarantee.
Be careful folks.
curl <url> | bash
are also very guilty of this.open <path>.pdf
. Like literally. One has to be a special kind of regarded to not know what their're doing. It doesn't get more simple than that