On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote: [...] > > Yes, "our" security story is way better than theirs [...] [edit: I forgot to put "theirs" in quotes] > A single reliable, well-documented and repeatable example of a problem > caused by pressing enter or clicking on a mail would go a long way to > wipe the smile of my face. That's not my goal, anyway. Smiles are like sunshine, so why would I want to wipe them? But still: every "code execution" escape in your MUA paired with a privilege escalation (or some social-engineering equivalent like "click here to install shiny package) is an example. And "we" have had bunches of those. > User files are not necessary for the health of the system. But they're the those which really count: after all, I can reproduce the system easily. Of course, smart users compartmentalize the risk: as an example, my tax declaration is done under a different user (for one, it's somewhat sensitive data, for the other, my tax overlords force me to use a browser with all gates open, which I consider as inherently insecure, so I prefer to keep things separate. And this separation is helped [1] by the system's integrity. Others wanting to go the extra mile do QubesOS or something similar. There's more than one way to do it. All in all, smugness amounts to underestimate your enemy. And, as Sun Tzu taught us long ago, that's a bad idea. Cheers [1] Some would say "guaranteed". I'm in this job for too long to dare use such a harsh word :) -- tomás
Attachment:
signature.asc
Description: Digital signature