Re: WARNING:DO NOT UPGRADE TO CORE 4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-07-13 at 13:13 -0500, Mike McCarty wrote:
> Paul Howarth wrote:
> 
> >On Wed, 2005-07-13 at 11:10 -0500, Mike McCarty wrote:
> >  
> >
> [snip]
> 
> >>So, what is my "vulnerability"?
> >>
> >>This is a serious question.
> >>    
> >>
> >
> >Nobody knows what vulnerabilities there may be. That's why it's
> >important to have multiple layers of security.
> >
> >A vulnerability has recently been discovered in part of the
> >image-handling code that's used in Explorer. Suppose a similar
> >vulnerability existed in Mozilla. A carefully crafted image on a website
> >you visited could result in your mozilla running a cracker's code. That
> >could run a process that sat around on your system and periodically
> >logged on to an irc channel to collect jobs to run, such as send out a
> >bunch of spam or even worse. So never assume you are safe.
> >  
> >
> I don't assume that I am safe. I want to know what my vulnerability is.
> 
> Apparently, you don't know, either, and can't answer my question.
> 
> Thanks for the response, though.

My point was that there's no way of knowing what undiscovered
vulnerabilities there are on your system, so having multiple layers of
defences such as firewalls, mounting /var and /tmp partitions with
noexec, selinux etc. all help to mitigate the risk.

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux