On Wednesday 04 July 2007 00:16, Simon Waters wrote:
> george wrote:
> > What a simple idea and so bleeding obvious.
>
> Which is why lots of people have had it.
>
> > And what a way to sell a Linux
> > intro to the unwashed masses.
> >
> > http://www.itwire.com.au/content/view/13292/53/
>
> Whilst I like the idea - I can think of one downside.
>
> The main reason Windows viruses don't try to mess with the BIOS is that
> there is nowt to gain, and an infected host to lose from one's botnet.
>
> As soon as booting from an alternative media is widespread for banking,
> some of the bots will try to hijack the BIOS so they can steal data from
> the other operating system (or listen to the network traffic), or hijack
> the router for similar (router meddling has the same downsides as BIOS
> meddling for the abuser).
>
> Indeed subverting routers with Javascript has already been done, at
> least as a proof of concept. The Javascript looked for routers, at the
> manufacturer's default IP address, with the manufacturer's default
> username/password (default passwords are a stupid idea! See Oracle and
> "change on install" story). It would then login and change your router's
> settings, which with things like DNS makes for a powerful kind of
> phishing. So visiting a website with such Javascript led to exploit.
>
> I'm also surprised how many people don't know that by default IE allows
> the copying of clipboard content by Javascript. Think about it the next
> time you are about to cut and paste a password into a webpage in IE.
> Then again Firefox makes enabling this functionality on a per site basis
> difficult as there is no built-in GUI for it, whereas IE makes it
> relatively easy (although I think attempting to secure IE is a futile
> activity).

I'm afraid the above notes list to a large degree why computing has ground to a halt over the last few years. M$ has been selling the lie that computing can be made easy - it can't!

You can't make something easy to use, useable and secure. Turning down security on a computer is like turning off the braking system on a car so you at least get somewhere. Default username/passwords are a must in this environment as otherwise there would be thousands of inaccessible boxes everywhere!

Every company where I have worked that has had a security scare and has then gone on to lock down has ground to a halt and effectively given up on security. Alas the same goes for those that have tried from the start using Windows...

Secure web browsing is a nice idea but at some time there will be a power cut and you will lose all your bookmarks and most people will grind to a halt then.

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html