Not even copy-paste is safe.
… No, seriously. This is pretty bad: it’s basically using some cheap tricks to get to you to copy one thing (text or a URL) and paste another. Like you know how you get those emails with a URL that says something like “if you don’t trust this link, copy-paste this URL into your browser!”? Yeah, well. That‘s no longer safe, either. Or, worse, for anyone who’s copy-pasted command line, erm, commands? Like, for example, every sysadmin in every company ever? How closely do you check that what you’re pasting is what you’re copying?1
Yeah. Thought not.
- It’s actually potentially worse than that, too, because depending on your CLI, you can wind up “auto-submitting” your pasted command if you happened to also copy the return character. Or, yanno. Someone slotted one in there for you. This is actually a pretty good vector, now that I’m thinking about it.
sudo tar -h; sudo rm -r /; -xvf, indeed. [↩]