[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Where's Konqueror in SU



Karel Voln wrote:


$ konqueror localhost:631
<supply root password to konqueror when asked for>

?

in the first case, if the attacker gets in control of Konqueror, he can do rm -rf / directly; in the latter, he can capture root password ... which may (or may not) be more valuable

I don't think much of your example, but in practice if some cracker tries to "rm -rf /" there's not a lot to choose, on my systems, between doing it as root and doing it is me. My valuables are mostly in ~ and the operating system is way easier to replace than the stuff in ~.

More likely, Ungodly will be looking for my banking details, and i I allow a browser to store unencrypted account details, being root doesn't make my situation worsse

However, I think the biggest hazards is through trojans, and if I can persuade you that you really should give my custom version of Firefox a burl, I've got you. along with Firefox I could install keyloggers to record what you type, I I can correlate what you type with where you go,,,,






--

Cheers
John

-- spambait
1aaaaaaa coco merseine nu  Z1aaaaaaa coco merseine nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]