flash on amd64 debian lenny
in [General Linux]
|
Prev: 2010 FIFA World Cup Brazil football jersey
Next: NYC LOCAL: Wednesday 16 June 2010 NYLUG: Rob Spectre on Open Source Television with Boxee
From: The Natural Philosopher on 13 Jun 2010 23:00 Robert Heller wrote: > At Sun, 13 Jun 2010 23:47:03 +0100 The Natural Philosopher <tnp(a)invalid.invalid> wrote: > >> General Schvantzkoph wrote: >>> On Sun, 13 Jun 2010 21:13:27 +0000, Curt wrote: >>> >>>> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote: >>>>> use the 64 bit nonfree and to hell with potential security wotsits. >>>> Pretty scary wotsits. >>>> >>>>> Only one I got working ... >>>> I'm with ya there. >>> How scary is it really? What can these exploits do on a Linux system? >> I suspect in general access anything you as a user running the browser, >> have privileges to access. >> >> I only took a cursory glance, but it looks like the standard 'in >> principle, a hacker could create a flash file that executed arbitrary code' >> >> Now if you are not running as root, that probably wouldn't compromise >> the operating system, but it might rip through your address books etc. > > The thing with Linux is that 'your address books etc.' is not one thing > that 90% of Linux users all use. In the Mess-Windows world you have > like 90% (or some such large percentage) of MS-Windows users using > Outlook [Express], so a hacker just needs to write code to hack into OE > address book, and this will work on a large percentage of mess-windows > boxen. Under Linux, the hacker has to write code that can hack, > Thunderbird, Evolution, Pine, Elm, etc. Then it has to figure out > where things are stored (since different distros might/could build each > of the above with different defaults or even ship different versions). > From a hacker POV, it is a real complexity mess. Note: This is not a > proper end-user problem, since end users pick a (single) tool on a > (single) distro and care not how another tool might store stuff on > another distro. (Yes, some people play with different distros and > different tools, but such people are not typical end-users.) > > The important bit of advice: don't store things like credit card numbers > or on-line banking (and other 'sensitive') passwords in clear text > files, that the 'arbitrary code' could get to. > the more likely nasty is that it reads your browser cache and uploads it somewhere. Probably full of name/password combos.
From: David W. Hodgins on 14 Jun 2010 03:58 On Sun, 13 Jun 2010 23:00:31 -0400, The Natural Philosopher <tnp(a)invalid.invalid> wrote: > the more likely nasty is that it reads your browser cache and uploads it > somewhere. Probably full of name/password combos. Do like I do. Use a separate account (userid), for use with each financial institutions, such as online banking. The browser I use in that account, only sees my online bank, no other websites. Since my regular account does not even have read access to the account I use for online banking, it can not get any financial info. If the hackers manage to hijack my banks website, I have much more to worry about. I do take care to ensure my dns servers ip addresses don't get hijacked, by turning off upnp, and running my own copy of bind. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
From: Curt on 14 Jun 2010 04:50 On 2010-06-13, General Schvantzkoph <schvantzkoph(a)yahoo.com> wrote: > On Sun, 13 Jun 2010 21:13:27 +0000, Curt wrote: > >> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote: >>>> >>> use the 64 bit nonfree and to hell with potential security wotsits. >> >> Pretty scary wotsits. >> >>> Only one I got working ... >> >> I'm with ya there. > > How scary is it really? What can these exploits do on a Linux system? http://www.adobe.com/support/security/bulletins/apsb10-14.html
From: Aragorn on 14 Jun 2010 06:28 On Monday 14 June 2010 00:47 in comp.os.linux.misc, somebody identifying as The Natural Philosopher wrote... > General Schvantzkoph wrote: > >> On Sun, 13 Jun 2010 21:13:27 +0000, Curt wrote: >> >>> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote: >>> >>>> use the 64 bit nonfree and to hell with potential security wotsits. >>> >>> Pretty scary wotsits. >> >> How scary is it really? What can these exploits do on a Linux system? > > I suspect in general access anything you as a user running the > browser, have privileges to access. > > I only took a cursory glance, but it looks like the standard 'in > principle, a hacker could create a flash file that executed arbitrary > code' Isn't NX supposed to prevent that sort of thing? > Now if you are not running as root, that probably wouldn't compromise > the operating system, but it might rip through your address books etc. Only if it knows what address books you are using. In Windows, Outlook Expresss and the likes use a lot of common components with Internet Explorer and the Windows scripting language or VBA or VBS - whatever it's called - connects these "tools" together, and this is how a lot of that malware operates.[1] It's all part of the single-user and monoculture approach of the Windows design. In GNU/Linux there's no such thing. [1] At least, this is what I've read about it, I don't use Windows, but I used to know more about it from when I was still in C.O.L.A. and needed to point out to the trolls why their beloved OS sucked so much. :p -- *Aragorn* (registered GNU/Linux user #223157)
From: Roger Blake on 14 Jun 2010 09:08
On 2010-06-14, David W. Hodgins <dwhodgins(a)nomail.afraid.org> wrote: > Do like I do. Use a separate account (userid), for use with > each financial institutions, such as online banking. Or do like I do. Don't use online banking. -- Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled due to spam.) "Obama dozed while people froze." |