[nSLUG] An open door for open source?

Ian Campbell ian at slu.ms
Sun Feb 15 23:12:11 AST 2009


On Sun, Feb 15, 2009 at 10:42:11PM -0400, D G Teed wrote:
> I thought the comments section contained a neat link:
> 
> Interview with an adware author...
> 
> http://philosecurity.org/2009/01/12/interview-with-an-adware-author
> 
> Talks about how easy it was to hack IE and Windows in general.
> 
> Then later...
> 
> S: In your professional opinion, how can people avoid adware?
> 
> M: Um, run UNIX.

Good point Matt, Firefox, Konqueror and co. have *never* had
vulnerabilities...

Sure you can't own the system, but would you (or 99% of other users)
really notice an extra process calling itself:

ian      10687  0.0  0.2 189960 16756 ?        S    Feb11   0:00 kmix -session 1013bd9deca000123390698300000058910009_1233907838_851717

kicking around?

You could modify $PATH, you could use one of the seemingly daily
kernel bugs to escalate privs and turn a user account compromise into
a system compromise... the possibilities are endless.

... so, uh, yeah, that's a little simplistic.


