Re: [Nolug] FEEDBACK: Security blame games

From: Dustin Puryear <dpuryear_at_usa.net>
Date: Tue, 09 Sep 2003 00:34:41 -0500
Message-Id: <5.2.1.1.0.20030909002344.02196250@localhost port 111>

At 09:12 PM 9/8/2003 -0500, you wrote:

>Dustin Puryear <dpuryear@usa.net> writes:
>
> > Advanced email software like Evolution has had flaws, and these flaws
> > will be attacked more and more as there are more Linux end-users.
>
>What sort of exploitable flaws does Evolution have? How would the
>exploitation of those flaws be similar to the exploits for Outlook if
>everyone ran Evolution?

I just randomly googled for a link and quickly found:

http://www.secunia.com/advisories/8350/

Notice the third issue listed, which mentions a potentially exploitable,
old, and hopefully is-now-patched bug. If this bug had been exploitable (I
didn't research if it was exploited or not) then the user wouldn't have
even had to open an attachment.

Let's not kid ourselves. Software is software, and any complex software is
going to have bugs. Linux and open source software are no exception.

And you can argue that Linux protects the system better than Windows all
you want. If an exploit runs 'rm -rf /' then all of my personal files are
gone, and probably a whole lot of other stuff as well. For most users the
only reason to have a computer is to store and work with their files, so
for the exploit writer the job is done just the same.

---
Dustin Puryear <dustin@puryear-it.com>
Puryear Information Technology, LLC <http://www.puryear-it.com>
Providing expertise in the management, integration, and
security of Windows and UNIX systems, networks, and applications.
___________________
Nolug mailing list
nolug@nolug.org
Received on 09/09/03

This archive was generated by hypermail 2.2.0 : 12/19/08 EST