[Melbourne-pm] Knockd for Web
Toby Corkindale
toby.corkindale at strategicdata.com.au
Mon Jun 1 23:36:40 PDT 2009
Sam Watkins wrote:
> On Tue, Jun 02, 2009 at 02:34:08PM +1000, Daniel Pittman wrote:
>> I agree with Toby: to assert the risks of .desktop files you need to
>> prove that there is a risk.
>
> hey, linux noob / someone's grandma using ubuntu...
> try this new version of firefox it's such a small download!
>
> http://sam.nipl.net/firefox.desktop
>
> Go ahead and try it, it doesn't actually do any damage.
> But it could. It could easily email itself to all your friends sleep
> for a little while then rm -rf all your files. It could sniff all your
> passwords, and email them to me. It could wget other viruses, log your
> keypresses, impersonate your bank website, etc.
>
> Even windows has better protection against that attack vector
> (it asks you if you want to run the dangerous file or not).
I replied to you previously about this.
Attempting to run the file brings up a great big warning message and
doesn't actually run the file!
Please cease this FUD!
More information about the Melbourne-pm
mailing list