[Melbourne-pm] Knockd for Web

Toby Corkindale toby.corkindale at strategicdata.com.au
Mon Jun 1 23:36:40 PDT 2009


Sam Watkins wrote:
> On Tue, Jun 02, 2009 at 02:34:08PM +1000, Daniel Pittman wrote:
>> I agree with Toby: to assert the risks of .desktop files you need to
>> prove that there is a risk.
> 
> hey, linux noob / someone's grandma using ubuntu...
> try this new version of firefox it's such a small download!
> 
>   http://sam.nipl.net/firefox.desktop
> 
> Go ahead and try it, it doesn't actually do any damage.
> But it could.  It could easily email itself to all your friends sleep
> for a little while then rm -rf all your files.  It could sniff all your
> passwords, and email them to me.  It could wget other viruses, log your
> keypresses, impersonate your bank website, etc.
> 
> Even windows has better protection against that attack vector
> (it asks you if you want to run the dangerous file or not).

I replied to you previously about this.

Attempting to run the file brings up a great big warning message and 
doesn't actually run the file!

Please cease this FUD!


More information about the Melbourne-pm mailing list