Neil Williams wrote:
>
> To be personally threatened by a security bug in GNU/Linux you would
> need to have a poorly configured router,

..OR.. (!)

> be running a server of some
> kind or be offering some kind of internet-visible service (like SSH)
> through your router firewall.

IM clients, and peer to peer applications count as a service in this instance. Given pidgin has some very wacky behaviour, I'm guessing the code base is not immune from stupid mistakes.

But anything that receives untrusted data given the current state of software is likely to be vulnerable, so browser and mail client are the obvious ones to exploit, although things like browser plugins are probably a richer source per line of code.

And the ability of mail clients to launch almost any application means that every application needs to be patched (a big win is where most distros supply most programs, not like most versions of Windows where you have to mess around to persuade Microsoft's update tools to patch most of Microsoft's own software, never mind third party software).

Indeed some of the free software Java VMs for browsers lacked the Java Security manager layer for a long time, which is basically an open invitation to own the user's data.

The main step I take above and beyond the normal is running "No Scripts" and deleting cookies whenever the browser restarts. Hopefully I'll never run a bad script, and when I do it will hopefully not find me logged into anything important at the time.

The main problem left is my personal bad habits - too much password reuse, and too little physical security (send cash so I can improve it - by buying extra backup devices).

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html