Andy Green wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike McCarty wrote:
| I have ADSL connections, with a D-Link wireless router between
| my box and the ADSL modem. I have disabled the wireless part
| of the router, and removed its antenna. Only the one machine
| is actually connected to the router. I use Mozilla (cookies disabled,
| java disabled) and Thunderbird (use server connections).
|
| So, what is my "vulnerability"?
|
| This is a serious question.

Well the recent libz vuln will allow merely browsing to an evil site to take over your machine with your main user account privs by sending you a poisonous .png. Unless you have updated your libz with the security update. Even then anything else with libz compiled in statically is vulnerable.
Ok, let's suppose for a moment that, while I'm a fairly intelligent guy, I'm pretty ignorant of Linux internals. Could you give me something a little more intelligible? What is a poisonous .png? I'm using the latest FC2. How can I tell whether I have updated my libz? I used uptodate up to the point where FC2 was no longer being updated.
And how do you create such a canonical list of apps when the (small, for zlib) sources may be composed into the app itself? So there is only a probability of safety eaten away by uncertainty, you can never prove there are no vulns so you can never really be certain of safety. Particularly all Fedora installs could be compromised by tampering with upstream source distributions... you can't disprove it (and let's hope nobody ever proves it!).
I didn't ask how one can prove one is secure. Proving a universal is universally impossible.
"Mozilla" is a giant teetering edifice of everchanging code that you
Oh, come now. If you take that attitude, then Linux and the FSF code is pretty much the same. With that attitude, the selinux is the same. Have *you* looked at all the code in Linux? Have you read and verified the selinux source? Obviously, not. Otherwise there wouldn't be reports against it.

[snip]

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
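An added example, not part of the thread or written by either poster: one way to inventory binaries that carry their own statically linked zlib, the case raised above that a package update of libz does not cover. It relies on the copyright strings zlib's deflate and inflate sources embed, which include the library version; the function names, the `FIXED_VERSION` argument and the sample bytes are assumptions made for illustration, and the fixed version must come from the distribution's advisory since the thread does not state it.

```python
import re
import sys
from pathlib import Path

# zlib's deflate and inflate sources each embed a copyright string carrying
# the library version; it survives static linking and symbol stripping.
ZLIB_MARK = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+){1,3})\S* Copyright")


def embedded_zlib_versions(data):
    """Return the set of zlib versions found embedded in a binary image."""
    return {m.group(1).decode("ascii") for m in ZLIB_MARK.finditer(data)}


def version_tuple(version):
    """'1.2.10' -> (1, 2, 10), so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def scan(paths, fixed_version):
    """Yield (path, version, older_than_fixed) for every embedded copy found."""
    fixed = version_tuple(fixed_version)
    for path in paths:
        try:
            data = Path(path).read_bytes()
        except OSError:
            continue  # unreadable or vanished file: skip, keep scanning
        for ver in sorted(embedded_zlib_versions(data), key=version_tuple):
            yield str(path), ver, version_tuple(ver) < fixed


# Constructed sample: bytes shaped like a binary with zlib compiled in.
# The version number 9.9.1 is made up and is not a real zlib release.
SAMPLE = (b"\x7fELF\x00 deflate 9.9.1 Copyright 1995-2004 Jean-loup Gailly \x00"
          b"\x00 inflate 9.9.1 Copyright 1995-2004 Mark Adler \x00")

if __name__ == "__main__":
    # Usage: python zscan.py FIXED_VERSION FILE...
    if len(sys.argv) < 3:
        sys.exit("usage: zscan.py FIXED_VERSION FILE...")
    for path, ver, old in scan(sys.argv[2:], sys.argv[1]):
        flag = "  <-- older than fixed version" if old else ""
        print(f"{path}: embedded zlib {ver}{flag}")
```

A binary with no match is not proven clean: a build can omit or alter these strings, which is the residual uncertainty the thread is arguing about.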