Re: MDs & Dentists
On Wed, Jul 21, 2021 at 02:38:50PM -0400, Celejar wrote:
> > > > > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> > > >
> > > > Requires Java to be installed. A rare case on a Linux *desktop*.
> > >
> > > Rare? I don't have statistics, but on one of my Linux desktops, I do
> > > some development work for Android, using IntelliJ IDEA / Android Studio,
> > > which depend on at least some Java components.
> >
> > Numbers show that I was incorrect. Let's call it "unlikely" instead of
> > "rare". Let the popcon graphs speak for themselves:
> >
> > https://qa.debian.org/popcon.php?package=firefox-esr
> > vs
> > https://qa.debian.org/popcon.php?package=openjdk-11
>
> I'm not sure I'm reading the numbers correctly, but the openjdk-11-jre
> figures are 26-29% (as opposed to firefox-esr's 42%) - hardly "unlikely."

I was referring to absolute numbers, which are 57847 and 83915
respectively. Looks like I was incorrect again, I looked at jre, not
jdk. Ok, let's make this "common".

I wonder which software (that requires JDK) is provided by Debian and
is that popular.

> > True. Every version of Chromium and Firefox fixes at least one.
> > Most of said vulnerabilities cannot be used to get Remote Code
> > Execution (RCE) though. Which leaves us with "random download" scenario,
> > which I've discussed above.
>
> Most, yes. But the pwn2own hackers, for example, seem to pretty
> routinely get RCE on the major browsers, so I wouldn't bet my data that
> ransomware authors won't as well:
>
> https://www.zerodayinitiative.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results
> https://www.bleepingcomputer.com/news/security/researchers-earn-1-2-million-for-exploits-demoed-at-pwn2own-2021/

Given the amount of money and the publicity these people earn - I'd be
surprised if they did not find anything. Still, it's one (ok, several)
RCE per year, and due to the nature of pwn2own - it's unlikely that such
vulnerabilities are common knowledge before the actual pwn2own event,
and they're patched afterwards.

Reco