Re: Email based attack on University

On Fri 04 Oct 2019 at 11:36:02 +0200, tomas@tuxteam.de wrote:

> On Fri, Oct 04, 2019 at 10:11:52AM +0100, Brian wrote:
> [...]
> > > Yes, "our" security story is way better than theirs [...]
> [edit: I forgot to put "theirs" in quotes]
> > A single reliable, well-documented and repeatable example of a problem
> > caused by pressing enter or clicking on a mail would go a long way to
> > wipe the smile off my face.
> That's not my goal, anyway. Smiles are like sunshine, so why would
> I want to wipe them?


> But still: every "code execution" escape in your MUA paired with a
> privilege escalation (or some social-engineering equivalent like
> "click here to install shiny package") is an example. And "we" have
> had bunches of those.

That's *after* the mail is opened.

> > User files are not necessary for the health of the system.
> But they're those which really count: after all, I can reproduce
> the system easily.

The integrity of a user's files is underpinned by the integrity of
the system. What price a user's files when the system knocks a few
0s and 1s off them at random times? Replacing one defective system
with another equally defective one leaves those files in the same
precarious situation.

> Of course, smart users compartmentalize the risk: as an example,
> my tax declaration is done under a different user (for one, it's
> somewhat sensitive data, for the other, my tax overlords force
> me to use a browser with all gates open, which I consider as
> inherently insecure, so I prefer to keep things separate). And
> this separation is helped [1] by the system's integrity.

I'd see it in stronger terms than "helped". Otherwise, you are just
exchanging one risk for another if the separation is not enforced.