[Melbourne-pm] Knockd for Web
adrian.muhrer at rea-group.com
Mon Jun 1 23:14:21 PDT 2009
while not arguing with you at all about the dangers of .desktop files
they are a bit scary, and there is quite a bit of info out there on it
bu FYI - i just clicked on the link in konqueror on kubuntu hardy
and i got a dialog that said
"Do you really want to execute http://sam.nipl.net/firefox.desktop?"
so ppl at least get a warning
here's a hard example
On Tuesday 02 June 2009 15:26:24 Sam Watkins wrote:
> On Tue, Jun 02, 2009 at 02:34:08PM +1000, Daniel Pittman wrote:
> > I agree with Toby: to assert the risks of .desktop files you need to
> > prove that there is a risk.
> hey, linux noob / someone's grandma using ubuntu...
> try this new version of firefox it's such a small download!
> Go ahead and try it, it doesn't actually do any damage.
> But it could. It could easily email itself to all your friends sleep
> for a little while then rm -rf all your files. It could sniff all your
> passwords, and email them to me. It could wget other viruses, log your
> keypresses, impersonate your bank website, etc.
> Even windows has better protection against that attack vector
> (it asks you if you want to run the dangerous file or not).
> You don't even necessarily have to be a noob to get caught by this sort
> of thing.
> Melbourne-pm mailing list
> Melbourne-pm at pm.org
More information about the Melbourne-pm