[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
george wrote: > > What a simple idea and so bleeding obvious. Which is why lots of people have had it. > And what a way to sell a Linux > intro to the unwashed masses. > > http://www.itwire.com.au/content/view/13292/53/ Whilst I like the idea - I can think of one downside. The main reason Windows viruses don't try to mess with the BIOS is that there is nowt to gain, and an infected host to lose from ones botnet. As soon a booting from an alternative media is widespread for banking, some of the bots will try to hijack the BIOS so they can steal data from the other operating system (or listen to the network traffic), or hijack the router for similar (router meddling has the same downsides as BIOS meddling for the abuser). Indeed subverting routers with Javascript has already been done, at least as a proof of concept. The Javascript looked for routers, at the manufacturers default IP address, with the manufacturers default username/password (default passwords are a stupid idea! See Oracle and "change on install" story). It would then login and change your routers settings, which with things like DNS makes for a powerful kind of phishing. So visiting a website with such Javascript led to exploit. I'm also surprised how many people don't know that by default IE allows the copying of clipboard content by Javascript. Think about it the next time you are about to cut and paste a password into a webpage in IE. Then again Firefox makes enabling this functionality on a per site basis difficult as there is no built in GUI for it, where as IE makes it relatively easy (although I think attempting to secure IE is a futile activity).
Attachment:
signature.asc
Description: OpenPGP digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html