On Wed, 2005-07-13 at 11:10 -0500, Mike McCarty wrote: > I wonder what security issues I have on my machine? There are > only three users defined for my machine who can actually log in, > to wit: root, jmccarty, and jjenning (a fellow I'm doing some > contract work for). None of the passwords for any of those users > is a word in any language. The paswords are 10 charactes long. > I have ADSL connections, with a D-Link wireless router between > my box and the ADSL modem. I have disabled the wireless part > of the router, and removed its antenna. Only the one machine > is actually connected to the router. I use Mozilla (cookies disabled, > java disabled) and Thunderbird (use server connections). > > So, what is my "vulnerability"? > > This is a serious question. Nobody knows what vulnerabilities there may be. That's why it's important to have multiple layers of security. A vulnerability has recently been discovered in part of the image-handling code that's used in Explorer. Suppose a similar vulnerability existed in Mozilla. A carefully crafted image on a website you visited could result in your mozilla running a cracker's code. That could run a process that sat around on your system and periodically logged on to an irc channel to collect jobs to run, such as send out a bunch of spam or even worse. So never assume you are safe. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
