WARNING:DO NOT UPGRADE TO CORE 4
Paul Howarth
paul at city-fan.org
Wed Jul 13 18:01:51 UTC 2005
On Wed, 2005-07-13 at 11:10 -0500, Mike McCarty wrote:
> I wonder what security issues I have on my machine? There are
> only three users defined for my machine who can actually log in,
> to wit: root, jmccarty, and jjenning (a fellow I'm doing some
> contract work for). None of the passwords for any of those users
> is a word in any language. The paswords are 10 charactes long.
> I have ADSL connections, with a D-Link wireless router between
> my box and the ADSL modem. I have disabled the wireless part
> of the router, and removed its antenna. Only the one machine
> is actually connected to the router. I use Mozilla (cookies disabled,
> java disabled) and Thunderbird (use server connections).
>
> So, what is my "vulnerability"?
>
> This is a serious question.
Nobody knows what vulnerabilities there may be. That's why it's
important to have multiple layers of security.
A vulnerability has recently been discovered in part of the
image-handling code that's used in Explorer. Suppose a similar
vulnerability existed in Mozilla. A carefully crafted image on a website
you visited could result in your mozilla running a cracker's code. That
could run a process that sat around on your system and periodically
logged on to an irc channel to collect jobs to run, such as send out a
bunch of spam or even worse. So never assume you are safe.
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the fedora-list
mailing list