On Tue, 2009-02-10 at 22:14 +0000, alan c wrote:
> 
> I trust it will not be long before I can feel just a little safer?
> Comments welcomed.


Personally, I would say that this is a very long article stating that
social engineering is platform independent. Anybody can stick a bash
script/binary/.exe on their blog saying "convert all your music to
smaller files" or something. Somewhere in the middle there is a wget and
a sudo (or whatever the platform), and a lot of people blindly type in
the password. Even if the source is available, 99% of people won't look.

*nix by nature may be more "secure", and probably the majority of its
users highly resilient to this sort of attack, but the most vulnerable
point of any OS exists behind the keyboard. Essentially, it's up to the
OS/distro to make the user aware (with annoying popups).

I think something like "distro level security" could be implemented,
where Ubuntu (/rh/suse etc) maintain say an md5 list of all binaries
available from the repositories (or just the installed ones), and before
executing a file check if it exists in the hash file, and matches, and
then execute or warn. For many users (who don't cross repo line much),
this would be beneficial. For some, little more than annoying.

This is assuming of course that no dodgy code makes its way into the
repositories :)




-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
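
Added example, not part of the original message or of any distro's code: a sketch in Python of the hash-list check the reply proposes (look the file up in a published list, compare, then execute or warn). It assumes a `digest  path` manifest layout and uses SHA-256 rather than the md5 the post mentions; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_manifest(text):
    """Parse 'digest  path' lines into {path: digest}; skip blanks and # comments."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, path = line.split(None, 1)
            manifest[path] = digest.lower()
    return manifest

def check(path, manifest):
    """'match', 'mismatch' (listed path, different content) or 'unknown'."""
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    expected = manifest.get(real)
    if expected is None:
        return "unknown"            # not from the repositories: warn
    return "match" if file_digest(real) == expected else "mismatch"

def demo():
    """Constructed sample: one listed file, one altered later, one never listed."""
    with tempfile.TemporaryDirectory() as d:
        d = os.path.realpath(d)
        paths = {n: os.path.join(d, n) for n in ("convert", "player", "blogscript")}
        for name, p in paths.items():
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\necho " + name.encode() + b"\n")
        # Hypothetical distro manifest covering only the two packaged files.
        manifest = load_manifest("\n".join(
            f"{file_digest(paths[n])}  {paths[n]}" for n in ("convert", "player")))
        with open(paths["player"], "ab") as f:   # altered after publication
            f.write(b"# local modification\n")
        return {n: check(p, manifest) for n, p in paths.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} {verdict}")
```

A userspace check like this leaves a gap between hashing the file and executing it, and it only helps if the manifest itself is authenticated. Kernel-side mechanisms such as IMA appraisal or fs-verity measure the file that is actually opened for execution.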
