Re: [Nolug] FEEDBACK: Security blame games

From: -ray <ray_at_ops.selu.edu>
Date: Mon, 8 Sep 2003 23:44:37 -0500 (CDT)
Message-ID: <Pine.LNX.4.44.0309082331190.23273-100000@romulus.csd.selu.edu>

On Mon, 8 Sep 2003, Mark A. Hershberger wrote:

> Dustin Puryear <dpuryear@usa.net> writes:
>
> > Advanced email software like Evolution has had flaws, and these flaws
> > will be attacked more and more as there are more Linux end-users.
>
> What sort of exploitable flaws does Evolution have? How would the
> exploitation of those flaws be similar to the exploits for Outlook if
> everyone ran Evolution?

I'm convinced that Joe User will click anything that says 'Click Me',
regardless of his OS or mail client. To see if Kmail was really more
secure, i sent myself a bash, perl, and compiled C program as attachments.
>From Kmail, just clicking around, there was no way to execute them.
Attempts to "open" just opened the source in Emacs. There was no way to
run them, which is good. All MUAs should be like this, since obviously
most people are too dumb to have a smart mail client.

I agree that linux will be attacked more and more as it grows. Anyone who
thinks Linux is impervious to a self-propagating network worm like Blaster
is kidding themselves. All it takes is a hole in <insert program> and
someone to write the worm.

ray

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean  				       	 http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/08/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST