[Melbourne-pm] Knockd for Web

amuhrer adrian.muhrer at rea-group.com
Mon Jun 1 23:14:21 PDT 2009


while not arguing with you at all about the dangers of .desktop files
they are a bit scary, and there is quite a bit of info out there on it

but FYI - I just clicked on the link in konqueror on kubuntu hardy
and I got a dialog that said

"Do you really want to execute http://sam.nipl.net/firefox.desktop?"

so ppl at least get a warning

here's a hard example
http://www.geekzone.co.nz/foobar/6229#compact

On Tuesday 02 June 2009 15:26:24 Sam Watkins wrote:
> On Tue, Jun 02, 2009 at 02:34:08PM +1000, Daniel Pittman wrote:
> > I agree with Toby: to assert the risks of .desktop files you need to
> > prove that there is a risk.
>
> hey, linux noob / someone's grandma using ubuntu...
> try this new version of firefox it's such a small download!
>
>   http://sam.nipl.net/firefox.desktop
>
> Go ahead and try it, it doesn't actually do any damage.
> But it could.  It could easily email itself to all your friends, sleep
> for a little while, then rm -rf all your files.  It could sniff all your
> passwords, and email them to me.  It could wget other viruses, log your
> keypresses, impersonate your bank website, etc.
>
> Even windows has better protection against that attack vector
> (it asks you if you want to run the dangerous file or not).
>
> You don't even necessarily have to be a noob to get caught by this sort
> of thing.
>
>
> Sam



-- 
Adrian Muhrer
Programmer
REA Group
