Re: Email based attack on University
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
On 4/10/19 6:17 am, Joe wrote:
> On Thu, 3 Oct 2019 20:54:10 +0100 Brian <ad44@cityscape.co.uk>
> wrote:
>
>
>>
>> Opening an email causes no problem to the system on Debian. We
>> would be in deep trouble if it did.
>
> That has been my experience, but I did bring some cautious habits
> from Windows, I don't render HTML and don't use a preview window
> and I don't, if I can possibly avoid it, use webmail.
>
> *If* I were to use the latest flashy GUI email client with all the
> bells and whistles, and *if* I were to enable all rendering options
> (they're probably on by default) and *if* I were to open a
> malicious email, is there any possible risk from JS expecting to
> find a Windows system but still managing to do harm to a Linux
> system? I make only simple web pages and applications for my own
> use, and believe that client-side scripting is the work of the
> Devil, so I don't have any idea of what can be done by malicious
> JS.
There are so many things that can go wrong in ANY desktop environment.
Users expect things to happen when you plug in a USB stick ....
sometimes the processing of files on that USB stick can lead to
vulnerabilities coming in to play.
Sometimes the hardware can be compromised and a USB stick plays like a
keyboard (rubby ducky style) and presents problems.
The more we have our Linux desktop work as Windows users expect; ala
adding usability, the more attack surface is there to be possibly
exploited. Auto-mounting, auto-opening ... they are just for starters.
If we stuck to more traditional desktop environments, especially
without systemd, just for starters, then the environment has more
potential to be more safe. But when we auto anything to make the
desktop experience better, then we add risks and potential problems.
It doesn't have to be gui mail or http renderers here, it could be
many things. It could be just a plain simple file explorer.
Best practice dictates that you shouldn't run as a privileged user for
'normal' computer usage, the Windows and Mac worlds make the first
users admin users .... that is a huge problem in itself. And in the
Linux world, it is all too often that an ordinary user /may/ have
access to super user via sudo that is too weak and adds further risk
(not unlike removing the need to accept Windows UAC prompts). Damage
can easily be done in all sorts of ways, if you don't take good care.
Also, the less the desktop just works (as a Windows user might want),
then the less likelihood there will be of those such Windows users
migrating to Linux systems.
You can turn off JS in Thunderbird, but it's neigh on impossible in a
browser -- there are things you can do with noscript and other tools,
but some of those can be painful if used. TB does HTML just like
Firefox does, so any kinds of HTTP vulnerabilities are ripe for use
with TB as well.
Anyway, I'm sure that is far more than enough to think about, it just
quite simply isn't limited to preview panes of email programs or other
closely related potential security issues.
Cheers
AndrewM
-----BEGIN PGP SIGNATURE-----
iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXZajCQAKCRCoFmvLt+/i
++wPAP9LvY0El5jRbOVbz5WanLGLpFZ15vuKhnmtJ46eiH+UtQEAssIdt/WPJWxM
4uUGuwtyV+TT4RMvoAte2vRlgMcIANo=
=go2L
-----END PGP SIGNATURE-----
Reply to: