On Wednesday 02 December 2009 16:04:58 Richard Heck wrote:
> On 12/02/2009 10:09 AM, Dave Ihnat wrote:
> > Secondly, once you (as the bad guy) get a user to run something for you,
> > you can start poking at the system itself. In this case, you're looking
> > for a flaw in the system security itself--either misconfiguration, or
> > an actual hole in some program or service that a normal user can run
> > or use.
>
> As has been pointed out, however, serious damage can be done even if the
> cracker never gets root privileges. One could install new extensions to
> Firefox, for example, that would give the cracker access to passwords.
> Or install programs into the user's home directory, run them from
> .bash_profile, or whatever, and send spam around the world just using
> "mail", the messages themselves being downloaded via wget. Etc, etc. All
> very dangerous.

Social engineering cannot be solved by technology. If one is stupid enough to accept a trojan and gets compromised, it is one's own fault.

However, the main advantage of Linux in this situation is that *other* users are still pretty much safe, while in Windows compromising one user usually means compromising the whole machine, which opens a door to *all* users on that machine. And that is far worse --- if you share the machine with a fellow user who is dumb enough to fall for trojans, he is compromising *your* security if on Windows, while only his own if on Linux.

Best, :-)
Marko