Linux 2020 - Linux

This is a discussion on Linux 2020 - Linux ; In comp.os.linux.advocacy, AZ Nomad wrote on Tue, 22 Apr 2008 10:44:57 -0500 : > On Tue, 22 Apr 2008 10:05:50 -0500, JEDIDIAH wrote: >>On 2008-04-22, The Ghost In The Machine wrote: >>> In comp.os.linux.advocacy, DFS >>> >>> wrote >>> on ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 22 of 22

Thread: Linux 2020

  1. Re: Linux 2020

    In comp.os.linux.advocacy, AZ Nomad

    wrote
    on Tue, 22 Apr 2008 10:44:57 -0500
    :
    > On Tue, 22 Apr 2008 10:05:50 -0500, JEDIDIAH wrote:
    >>On 2008-04-22, The Ghost In The Machine wrote:
    >>> In comp.os.linux.advocacy, DFS
    >>>
    >>> wrote
    >>> on Sun, 20 Apr 2008 14:20:01 -0400
    >>>:
    >>>> AZ Nomad wrote:
    >>>>
    >>>>> Microsoft failure to understand difference means that something as
    >>>>> seemingly benign as a slide show can wipe out your system. Insane.
    >>>>
    >>>> Don't you nutcases ever get sick of being wrong and stupid?
    >>>>
    >>>> http://www.linux.com/articles/53998
    >>>>
    >>>
    >>> Oops, yep, Linux has the absolute worst security record this week.
    >>> Guess we should all just go to Vista Ultimate and shut up.

    >
    >> Why? Does it allow you to turn off javascript by default and
    >>whitelist only those sites that you trust?

    >
    > Has vista embraced 60's technology and stopped having the default user be
    > an administrator?
    >
    > Javascript is harmless when you're not running as root/admin.


    Not quite harmless. All of the user's data could
    potentially be wiped, if the malfunction is bad enough.

    The system should be OK, though, unless it finds
    a local root exploit loophole, something along the
    lines of the already-patched ptrace bug.

    And of course that's far less dangerous than hijacking
    the entire computer and making it into a zombie -- though
    that *is* a possibility, within certain easily defensible
    limitations (mostly having to do with SMTP servers checking
    to ensure the sender is sending from a privileged socket --
    of course, if the virus is smart enough it can rifle the
    user's user/pass and go POP3 instead).

    --
    #191, ewill3@earthlink.net
    Linux. Because it's there and it works.
    Windows. It's there, but does it work?

    --
    Posted via a free Usenet account from http://www.teranews.com


  2. Re: Linux 2020

    In comp.os.linux.advocacy, Ezekiel

    wrote
    on Tue, 22 Apr 2008 12:43:35 -0400
    :
    >
    > "AZ Nomad" wrote in message
    > news:slrng0s1vp.i40.aznomad.3@ip70-176-155-130.ph.ph.cox.net...
    >> On Tue, 22 Apr 2008 10:05:50 -0500, JEDIDIAH wrote:
    >>>On 2008-04-22, The Ghost In The Machine
    >>>wrote:
    >>>> In comp.os.linux.advocacy, DFS
    >>>>
    >>>> wrote
    >>>> on Sun, 20 Apr 2008 14:20:01 -0400
    >>>>:
    >>>>> AZ Nomad wrote:
    >>>>>
    >>>>>> Microsoft failure to understand difference means that something as
    >>>>>> seemingly benign as a slide show can wipe out your system. Insane.
    >>>>>
    >>>>> Don't you nutcases ever get sick of being wrong and stupid?
    >>>>>
    >>>>> http://www.linux.com/articles/53998
    >>>>>
    >>>>
    >>>> Oops, yep, Linux has the absolute worst security record this week.
    >>>> Guess we should all just go to Vista Ultimate and shut up.

    >>
    >>> Why? Does it allow you to turn off javascript by default and
    >>>whitelist only those sites that you trust?

    >>
    >> Has vista embraced 60's technology and stopped having the default user be
    >> an administrator?
    >>

    >
    >> Javascript is harmless when you're not running as root/admin.

    >
    > You mean like this?


    Exactly like this.

    >
    > http://www.mozilla.org/security/anno...sa2008-14.html
    >
    > Mozilla Foundation Security Advisory 2008-14
    > Title: JavaScript privilege escalation and arbitrary code execution
    > Impact: Critical
    > Announced: March 25, 2008
    > Reporter: moz_bug_r_a4, Boris Zbarsky, Johnny Stenback
    > Products: Firefox, Thunderbird, SeaMonkey
    >
    > Fixed in: Firefox 2.0.0.13
    > Thunderbird 2.0.0.14
    > SeaMonkey 1.1.9
    >
    > Description
    > Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback
    > reported a series of vulnerabilities which allow scripts from page content
    > to run with elevated privileges. moz_bug_r_a4 demonstrated additional

    ^^^^^^^^^^^^^^^^^^^

    (Presumed translation: local root trojan/phishing exploit!)

    > variants of MFSA 2007-25 and MFSA2007-35 (arbitrary code execution through
    > XPCNativeWrapper pollution). Additional vulnerabilities reported separately
    > by Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 showed that the browser
    > could be forced to run JavaScript code using the wrong principal leading to
    > universal XSS and arbitrary code execution.
    >
    > Thunderbird shares the browser engine with Firefox and could be vulnerable
    > if JavaScript were to be enabled in mail. This is not the default setting
    > and we strongly discourage users from running JavaScript in mail.
    >
    > Workaround
    > Disable JavaScript until a version containing these fixes can be installed.
    >
    >
    >
    >
    > ** Posted from http://www.teranews.com **


    --
    #191, ewill3@earthlink.net
    Linux. Because it's there and it works.
    Windows. It's there, but does it work?

    --
    Posted via a free Usenet account from http://www.teranews.com


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2