Quoting Nick Murtagh (nickm at go2.ie):
> Frank Boehme wrote:
> > * Convince the victim to unpack and execute binary mail attachments
>
> That's easy if the users aren't security conscious. Most Windows
> users aren't. The assumption is that most Linux distribution users
> are, but that won't be true forever.
Here's an experiment for you: Pretend you're such a user. Send
yourself a "hello world" executable attached to a mail. Count the steps
required to run it, given your choice of MUA.
With a typical MUA, you're obliged to (1) save it to /tmp (or
elsewhere), (2) "chmod u+x" it (because the MUA saves it without the
executable bit), and then (3) "./hello" to run it.
If you can find any counterexamples, please let the Linux community
know, so we can severely LART the author until he fixes his deficiently
(Recitations of inventive ways in which users can go out of their way to
shoot themselves in the foot, with or without WINE/VMware, etc., will be
considered tedious ignoring of the point and will be ignored.)
> We can get root with a local exploit.
You know what I tell people who get bitten by fixable exploits that
they've stupidly failed to fix? "Gee, that's an ugly hole you've shot
in your foot. Would you like help learning how to aim elsewhere?" The
fact that the bullet was malware-tipped is rather irrelevant to the
fundamental cause, which was insufficient admin education and diligence.
We in the Linux community have cures for insufficient admin education
and diligence. Or people can learn from Papa Darwin, if they prefer.
The latter will receive scant sympathy, though.
Cheers, SPAM SPAM SPAM SPAM!
Rick Moen SPAM SPAM SPAM SPAM!
rick at linuxmafia.com (_Nobody_ expects the Spammish Repetition!)