Mailing List Archive



Re: [tlug] Auto-detect [uh, Josh, if you're drinking, swallow before reading]



>>>>> "Josh" == Josh Glover <tlug@example.com> writes:

    Josh> Relying on GUI config tools is even worse,

ke-ke-ke-ke

    Josh> Not really, at least in this case. If an attacker gains
    Josh> physical access to your machine (as he would need to in
    Josh> order to "exploit" automounting), you are screwed anyway.

But he _does_ in this case.  Some of the posts are evidently missing
from the thread I'm looking at, but at a guess we're talking about
plugging a camera into your PC and autoflogging the contents of its
flash memory.

Do you really trust any large company's internals not to have a time
bomb in that flash memory?  True, today nobody would autoexec anything
in there, but ... Java.  Write a "convenient" display program in Java,
put it on the flash, sell it as value-added ... after all, it's got
the latest and greatest virus inside!  Since it's "part of your
machine" (automounted, ne?) it won't necessarily be inside the "web
jail", hm?  In fact, since it also does file manager stuff and copies
the pix you select into a slide show folder, you'll break your clicker
finger turning the jail off, ne?  Oops.

Of course, MSFT boxen will autoexec after automounting, how
convenient!  Java is a safe language, surely Linux mustn't fall
behind....

Oh, and just to make you feel better, all the major companies in
digital photography come from a country where there's a privacy-scandal-
a-week when some company's employees "augment" their income by selling
access to customer data.

It's like my mom told me: don't mount anything just because you can,
it's not healthy.

    Josh> I don't really know how good a job SuSE does of being secure
    Josh> out of the box. Gentoo does a great job, as no net-facing
    Josh> daemons run unless you explicitly turn them on.

s/a great job/takes the bare minimum steps at least/

at least taking your description at face value.


-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.

