On 11/03/14 15:00, Brad Rogers wrote:
>
> Not that I think either you or BA meant that was
> what I was saying.

Not at all. But the lack of really widespread common threats on GNU/Linux and BSD risks complacency.

Some of the difference is that the systems are better engineered. Some of the difference is simply diversity. Some of the difference is an educated user base.

On Mac OS X there have been several fairly successful botnets, the most successful of which occurred when Apple were slow with a Java security patch. Again the diversity within Java on Linux helps, but some of those Javas lack features like a security manager.

Another Linux-specific security "feature" I noticed, which was a little depressing, is that the Chrome Encrypt::String method uses a set password and salt when encrypting cookies on Linux (on Microsoft Windows and Mac OS X it uses the user's store for encryption credentials). I'm assuming they didn't write this method just to encrypt cookies.

These kinds of shortcuts, and I'm sure there are many more, mean that GNU/Linux desktops may be especially vulnerable to certain types of attack. Eventually some bad guys will realize that GNU/Linux users have all the really interesting credentials in ~/.ssh and elsewhere, and that we are worth the extra effort.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq