upgrade to rawhide report

Bryan Clark bclark at redhat.com
Thu Aug 26 07:39:12 UTC 2004


On Thu, 2004-08-26 at 08:54 +0200, Nils Philippsen wrote:
> That when some people are struggling to get the majority of
> Windows-ridden persons _not_ to trust everything that's on a web page...
> Well the idea is that there will be bugs and there will be security
> holes and that I don't want to make it easier for the Black Hats to
> exploit these by just popping up a nicely crafted web page. Just think
> about the changes you need to do: now you have to check whether
> following special links is allowed, therefore you have to remember that
> a page is internal... With a dialog you get all of this for free and
> trust me, people are not as scared by dialogs as you seem to think
> ;-).

javascript::alert("Phear") will look just like any alert dialog we
create in the system, and there are other dialog boxes that can be
constructed via javascript that will be able to trick people in other
interactions.

Actually this is getting worse and worse.  Last time I was home using my
mom's PC with IE there was a popup/under window that had what looked to
be a DOS window that just finished a scan of my computer and found some
"bad things".  It even had a blinking cursor which I believe was
provided via an animated gif. 

Social engineering will always be the best way to spread viruses and
other malicious software.  There probably won't be a good way to stop
this anytime soon, if it's ever really possible.  Probably the best way
to get around this is for people to be able to reasonably understand and
expect what a computer will do or ask of them at anytime; then they can
always make an informed choice with their actions.  However, since computers
keep changing and updating, the defaults change and things look
different; it's pretty hard to expect this of people.  This is like being
able to predict what my 4 year old cousin is going to say next, could be
about dinosaurs or it could be about some T.V. show; I can barely
understand what he's saying anyway.  Many people feel this way about
computers, "I unplugged the network cable and an Evolution dialog said:
'Error pinging IMAP server' : 'Error: Success'"  Next month it will say
"Error D-BUS activation: failure"  :-(

I'm sure clever social engineering has caught us all at one time or
another, when you opened up what seemed like it could be a normal email
and it turned out that the 'Re: Staff Bulletin' subject line, which was
just too close to real to ignore, was actually spam.

Cheers,
~ Bryan

-- 
Bryan Clark <bclark at redhat.com>
Red Hat Desktop Design Ninja