Re: MDs & Dentists

To: debian-user@lists.debian.org
Subject: Re: MDs & Dentists
From: Reco <recoverym4n@enotuniq.net>
Date: Wed, 21 Jul 2021 22:00:04 +0300
Message-id: <[🔎] E1m6HRs-0001i4-UF@enotuniq.net>
In-reply-to: <[🔎] 20210721143850.365e01afe51ba52cba9c7cc6@gmail.com>
References: <[🔎] 4fd2f83e-6bb4-a3c0-775a-2b4013805b46@surfnaked.ca> <[🔎] alpine.NEB.2.23.451.2107141425330.14423@panix1.panix.com> <[🔎] 42fde96b-fe42-2275-1e1a-a5cef5671d95@gmail.com> <[🔎] 8ea0aa6b-7fa2-68c6-1db4-3fc6085ade19@polynamaude.com> <[🔎] E1m3v99-00069e-Br@enotuniq.net> <[🔎] 20210720113226.03249275e3ddc02bce9bcd8d@gmail.com> <[🔎] E1m67PK-00010L-RI@enotuniq.net> <[🔎] 20210721105140.62b93d11dd049b66f7e2a341@gmail.com> <[🔎] E1m6EIp-0001Q5-3T@enotuniq.net> <[🔎] 20210721143850.365e01afe51ba52cba9c7cc6@gmail.com>

On Wed, Jul 21, 2021 at 02:38:50PM -0400, Celejar wrote:
> > > > > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> > > > 
> > > > Requires Java to be installed. A rare case on a Linux *desktop*.
> > > 
> > > Rare? I don't have statistics, but on one of my Linux desktops, I do
> > > some development work for Android, using IntelliJ IDEA / Android Studio,
> > > which depend on at least some Java components.
> > 
> > Numbers show that I was incorrect. Let's call it "unlikely" instead of
> > "rare". Let the popcon graphs speak for themselves:
> > 
> > https://qa.debian.org/popcon.php?package=firefox-esr
> > vs
> > https://qa.debian.org/popcon.php?package=openjdk-11
> 
> I'm not sure I'm reading the numbers correctly, but the openjdk-11-jre
> figures are 26-29% (as opposed to firefox-esr's 42%) - hardly "unlikely."

I was referring to absolute numbers, which are 57847 and 83915
respectively.  Looks like I was incorrect again, I looked at jre, not
jdk. Ok, let's make this "common".

I wonder which software (that requires JDK) is provided by Debian and
is that popular.


> > True. Every version of Chromium and Firefox fixes at least one.
> > Most of said vulnerabilities do cannot be used to get Remote Code
> > Execution (RCE) though. Which leaves us with "random download" scenario,
> > which I've discussed above.
> 
> Most, yes. But the pwn2own hackers, for example, seem to pretty
> routinely get RCE on the major browsers, so I wouldn't bet my data that
> ransomware authors won't as well:
> 
> https://www.zerodayinitiative.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results
> https://www.bleepingcomputer.com/news/security/researchers-earn-1-2-million-for-exploits-demoed-at-pwn2own-2021/

Given the amount of money and the publicity these people earn - I'd be
surprised if they did not find anything. Still, it's one (ok, several)
RCE per year, and due to the nature of pwn2own - it's unlikely that such
vulnerabilities are common knowledge before the actual pwn2own event,
and they're patched afterwards.

Reco

Reply to:

Follow-Ups:
- Re: MDs & Dentists
  - From: Celejar <celejar@gmail.com>

References:
- Re: MDs & Dentists
  - From: Charlie Gibbs <cgibbs@surfnaked.ca>
- Re: MDs & Dentists
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: MDs & Dentists
  - From: ellanios82 <ellanios82@gmail.com>
- Re: MDs & Dentists
  - From: Polyna-Maude Racicot-Summerside <debian@polynamaude.com>
- Re: MDs & Dentists
  - From: Reco <recoverym4n@enotuniq.net>
- Re: MDs & Dentists
  - From: Celejar <celejar@gmail.com>
- Re: MDs & Dentists
  - From: Reco <recoverym4n@enotuniq.net>
- Re: MDs & Dentists
  - From: Celejar <celejar@gmail.com>
- Re: MDs & Dentists
  - From: Reco <recoverym4n@enotuniq.net>
- Re: MDs & Dentists
  - From: Celejar <celejar@gmail.com>

Prev by Date: Re: Free LAMP VPS hosting
Next by Date: Re: MDs & Dentists
Previous by thread: Re: MDs & Dentists
Next by thread: Re: MDs & Dentists
Index(es):
- Date
- Thread