On Wed, 2005-07-13 at 13:13 -0500, Mike McCarty wrote: > Paul Howarth wrote: > > >On Wed, 2005-07-13 at 11:10 -0500, Mike McCarty wrote: > > > > > [snip] > > >>So, what is my "vulnerability"? > >> > >>This is a serious question. > >> > >> > > > >Nobody knows what vulnerabilities there may be. That's why it's > >important to have multiple layers of security. > > > >A vulnerability has recently been discovered in part of the > >image-handling code that's used in Explorer. Suppose a similar > >vulnerability existed in Mozilla. A carefully crafted image on a website > >you visited could result in your mozilla running a cracker's code. That > >could run a process that sat around on your system and periodically > >logged on to an irc channel to collect jobs to run, such as send out a > >bunch of spam or even worse. So never assume you are safe. > > > > > I don't assume that I am safe. I want to know what my vulnerability is. > > Apparently, you don't know, either, and can't answer my question. > > Thanks for the response, though. My point was that there's no way of knowing what undiscovered vulnerabilities there are on your system, so having multiple layers of defences such as firewalls, mounting /var and /tmp partitions with noexec, selinux etc. all help to mitigate the risk. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
