[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Where's Konqueror in SU

Karel Voln wrote:

$ konqueror localhost:631
<supply root password to konqueror when asked for>


in the first case, if the attacker gets in control of Konqueror, he can do rm -rf / directly; in the latter, he can capture root password ... which may (or may not) be more valuable

I don't think much of your example, but in practice if some cracker tries to "rm -rf /" there's not a lot to choose, on my systems, between doing it as root and doing it is me. My valuables are mostly in ~ and the operating system is way easier to replace than the stuff in ~.

More likely, Ungodly will be looking for my banking details, and i I allow a browser to store unencrypted account details, being root doesn't make my situation worsse

However, I think the biggest hazards is through trojans, and if I can persuade you that you really should give my custom version of Firefox a burl, I've got you. along with Firefox I could install keyloggers to record what you type, I I can correlate what you type with where you go,,,,



-- spambait
1aaaaaaa coco merseine nu  Z1aaaaaaa coco merseine nu
-- Advice

You cannot reply off-list:-)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]