[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Importance of browser security (was: On Mozilla-* updates)


Am Dienstag, 2. August 2005 10:57 schrieb Ben Bucksch:
> Stefano Salvi wrote:
> > I prefer to have no X on the server and administer it from command
> > line or Web interfaces (command line is better).
> Let's say
>    1. You use Mozilla from sarge
>    2. Somebody cracks you through known holes in that old Mozilla,
>       either a mass exploit or an enemy of you specifically targetting
>       you. Which is probably the easiest way to attack you, through all
>       firewalls. So much for browser/email security.
>    3. He controls your desktop
>    4. He downloads all your local mail and photos/images, including your
>       confidental company mail, private mail and nude photos of your
>       girlfriend. He posts it on the Internet, your company's billboard,
>       and your supermarket's billboard.

Eh - no.
Linux allows you to start two different XServers on two different screens (or 
on the same) with two different user-id's on two virtually or physically 
seperated Systems. As you can see, only fools make this mistake.

>    5. He also installs a keyboard sniffer and downloads your private SSH
>       keys.

Rubbish - if seperated correctly.

>    6. He logs into all servers and other computers that you have access
>       to. Including those desktops of your friends, which you remote
>       administrate or use the password that they use for your server.
>       And the attacker goes on from there. So much for desktop/server
>       security.

You  are describing the general results of trojan attacks - but to be honest - 
if it's getting personal, there are other ways to comprise machines. I've 
done some test: Who on my instant messaging list will execute a signed 
Java-Applet without asking me for further information.
No one asked my what this applet was doing. Everyone got his c:\test.txt 
saying "This was foolish" (Or /home/usr/C:\test.txt).
Verify yourself.

But in order to make this a server issue, you have to be foolish.

Keep smiling

Reply to: