Quoting Samuel Greenfeld (2016-01-05 17:34:18)
> In general, many widely used Sugar distributions are based on
> Operating Systems that are at least a few years old and full of
> security holes.
>
> Bringing them up to date for computers like XOs that need updated
> hardware drivers would require a fair amount of effort. (Hence the
> move by some groups to standardized hardware and Ubuntu for long-term
> support.)
>
> The primary mitigating factors {if you could count them as such} are
> that (1) many Sugar users are offline or barely online, and (2) the
> obscurity of someone trying to hack telepathy versus using a wider
> exploit against something like libjpeg or OpenSSL.
>
> But I wouldn't rely on obscurity as your sole protection.The security flaws I suspect exist in legacy Gabble is indeed OpenSSL flaws. -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel
