[Melbourne-pm] Knockd for Web

Sam Watkins sam at nipl.net
Mon Jun 1 22:26:24 PDT 2009


On Tue, Jun 02, 2009 at 02:34:08PM +1000, Daniel Pittman wrote:
> I agree with Toby: to assert the risks of .desktop files you need to
> prove that there is a risk.

hey, linux noob / someone's grandma using ubuntu...
try this new version of firefox it's such a small download!

  http://sam.nipl.net/firefox.desktop

Go ahead and try it, it doesn't actually do any damage.
But it could.  It could easily email itself to all your friends, sleep
for a little while, then rm -rf all your files.  It could sniff all your
passwords, and email them to me.  It could wget other viruses, log your
keypresses, impersonate your bank website, etc.

Even Windows has better protection against that attack vector
(it asks you if you want to run the dangerous file or not).

You don't even necessarily have to be a noob to get caught by this sort
of thing.


Sam
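
A defender-side check for the kind of launcher described in the message above, as an added example that is not part of the original post: it parses a `.desktop` file's `[Desktop Entry]` group and flags an `Exec=` line that starts a shell, interpreter or fetch tool, or that contains shell metacharacters. The function names, the list of risky programs and both sample launchers are constructed for illustration.

```python
import shlex

# Programs that let an Exec= line run arbitrary commands (illustrative list).
RISKY = {"sh", "bash", "dash", "zsh", "env", "python", "python3", "perl", "wget", "curl"}
SHELL_META = set(";|&`$<>")

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def audit_launcher(text):
    """Return reasons to inspect the launcher before opening it."""
    entry = parse_desktop_entry(text)
    command = entry.get("Exec", "")
    if entry.get("Type") != "Application" or not command:
        return []  # opening this entry does not run a command
    try:
        program = shlex.split(command)[0].rsplit("/", 1)[-1].lower()
    except ValueError:
        return ["Exec line has unbalanced quoting"]
    findings = []
    if program in RISKY:
        findings.append(f"shown as {entry.get('Name', '?')!r} but Exec runs {program!r}")
    if SHELL_META & set(command):
        findings.append("Exec contains shell metacharacters")
    return findings

# Constructed samples: a look-alike launcher with a harmless command, and a normal one.
LURE = '[Desktop Entry]\nType=Application\nName=Firefox\nExec=sh -c "echo hello"\n'
NORMAL = "[Desktop Entry]\nType=Application\nName=Firefox\nExec=/usr/bin/firefox %u\n"

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("normal", NORMAL)):
        print(label, audit_launcher(sample))
```

An empty result only means none of these heuristics fired; it is not a statement that the launcher is safe.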

