WARNING:DO NOT UPGRADE TO CORE 4
Paul Howarth
paul at city-fan.org
Wed Jul 13 18:22:36 UTC 2005
On Wed, 2005-07-13 at 13:13 -0500, Mike McCarty wrote:
> Paul Howarth wrote:
>
> >On Wed, 2005-07-13 at 11:10 -0500, Mike McCarty wrote:
> >
> >
> [snip]
>
> >>So, what is my "vulnerability"?
> >>
> >>This is a serious question.
> >>
> >>
> >
> >Nobody knows what vulnerabilities there may be. That's why it's
> >important to have multiple layers of security.
> >
> >A vulnerability has recently been discovered in part of the
> >image-handling code that's used in Explorer. Suppose a similar
> >vulnerability existed in Mozilla. A carefully crafted image on a website
> >you visited could result in your mozilla running a cracker's code. That
> >could run a process that sat around on your system and periodically
> >logged on to an irc channel to collect jobs to run, such as send out a
> >bunch of spam or even worse. So never assume you are safe.
> >
> >
> I don't assume that I am safe. I want to know what my vulnerability is.
>
> Apparently, you don't know, either, and can't answer my question.
>
> Thanks for the response, though.
My point was that there's no way of knowing what undiscovered
vulnerabilities there are on your system, so having multiple layers of
defences such as firewalls, mounting /var and /tmp partitions with
noexec, selinux etc. all help to mitigate the risk.
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the users
mailing list