|
On 12/16/2012 12:12 PM, Reindl Harald
wrote:
But aren't there ways to protect myself?...I use ClamAV, I have NO IDEA how it works, and I'm trying like hell to get a grasp of the SELinux thing, but until I'm a "guru" in either of those categories, how would I prevent myself and my system from being compromised? I don't place too much faith in AV tools....only because coming from a "Windows World" the Symantecs.......McAfees......and various other so-called "protection services" did nothing to keep me safe. And mind you I was NEVER so ignorant as to think that just updating virus definition files would protect me......and that I could just click on anything I wanted! I was cautious! I didn't even visit certain sites I had heard got "hit"....so coming from that environment....and not being savvy enough to "hack" myself into a perfect state of hardened security....what's someone who's still in transition to do?...Am 16.12.2012 18:02, schrieb Bruno Wolff III:On Sun, Dec 16, 2012 at 19:17:50 +1030, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:On Sat, 2012-12-15 at 11:18 -0600, Bruno Wolff III wrote:Unless you think you have a chance of being singled out by a goverment or if you don't trust some of the people/machines on your local network, this isn't a significant risk.You don't think some malcontent might try to set up a bogus repo, or damage another one, just because they're an ass?They have to get people to use such a repo, which is going to be hard. One could get away with it perhaps for a little while by showing different data to users and to the mirror checker. And only a small fraction of people are going to end up using such a mirror.nothing easier as to point you to another repo with /etc/hosts if something goes wrong on your machine - it is enough if you are ONE TIME ente your root-password in the wrong dialog and after pointing you to a modified repo you get a backdoor installed which you can not detect if it is done well by filter output of lsof, ps and whatever tools you think are helping you in such cased who makes you believe repos are always trustable for sure and no ssh-keys of maintainers are lost and misued? it happened not so long ago to the fedora infrastructure (google is your friend) the first and largest mistake in context security you can make is to think you are secure but not have the knowledge to make sure it is so - goodwill and hope is no base for security EGO II |
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
