Quoting Samuel Greenfeld (2016-01-05 17:34:18) > In general, many widely used Sugar distributions are based on > Operating Systems that are at least a few years old and full of > security holes. > > Bringing them up to date for computers like XOs that need updated > hardware drivers would require a fair amount of effort. (Hence the > move by some groups to standardized hardware and Ubuntu for long-term > support.) > > The primary mitigating factors {if you could count them as such} are > that (1) many Sugar users are offline or barely online, and (2) the > obscurity of someone trying to hack telepathy versus using a wider > exploit against something like libjpeg or OpenSSL. > > But I wouldn't rely on obscurity as your sole protection.
The security flaws I suspect exist in legacy Gabble is indeed OpenSSL flaws. -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Sugar-devel mailing list Sugar-devel@lists.sugarlabs.org http://lists.sugarlabs.org/listinfo/sugar-devel