Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.misc > #19519

Re: Wikileaks Vault7 release--Linux vulnerabilities

Path csiph.com!news.mixmin.net!news.albasani.net!.POSTED!not-for-mail
From Andreas Kohlbach <ank@spamfence.net>
Newsgroups comp.os.linux.misc
Subject Re: Wikileaks Vault7 release--Linux vulnerabilities
Date Sun, 12 Mar 2017 15:55:05 -0400
Organization albasani.net
Lines 49
Message-ID <87mvcqjmna.fsf@usenet.ankman.de> (permalink)
References <ebd4396c-80bb-4f5c-9a23-ce7c4032d32b@googlegroups.com> <alpine.LNX.2.02.1703081604540.29335@darkstar.example.org> <8737emqk2i.fsf@usenet.ankman.de> <87fuimayix.fsf@LkoBDZeT.terraraq.uk> <alpine.LNX.2.02.1703091740050.31879@darkstar.example.org> <87k27xc81f.fsf@usenet.ankman.de> <o9v0gd$7gg$1@news.albasani.net> <87efy368yj.fsf@usenet.ankman.de> <oa1ef4$u66$1@news.albasani.net> <87fuiil5qm.fsf@usenet.ankman.de> <oa44ai$im5$1@dont-email.me>
Mime-Version 1.0
Content-Type text/plain
X-Trace news.albasani.net LTierKHPjChcH6S3pQV4Xv36X00glu4X8ooMGZdVDScLMB9K+Ds1v6UwH8zLU1dVZtoZO50AAVqLM5LJodw/fEPGEPNzQ1I9csTonaF+xFxqv2jkzXcF0dlapAOsDPua
NNTP-Posting-Date Sun, 12 Mar 2017 19:55:05 +0000 (UTC)
Injection-Info news.albasani.net; logging-data="PHlYRZIcVekcRox4K9WYBNjJrKJ3g4E0slnvjDg8aeI7th4Sw6XfRwe8LCwNKAyasLVlDQBgnu0iTYJojAcZMdzMHah1nmwDDT4QshaxNlWN002klpjPr3d9q2ioSv2K"; mail-complaints-to="abuse@albasani.net"
User-Agent Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
X-Face '#R~-oJz-_!iXhczPJ;=w1(`5-uQ2$0qHB7KKDV,]VoAC!P?swaa#m|eB<DkOt*XH=~9C[g S^w)b,)1q,{P\7Z3H,N(^m.YKuYM//B{X:PvbDk.|:g:$wVr*3*)[K6F+k\z-s32+oB]YJPy11wuGGz'bQAk~1.b1[;M{^A2@bboIENBB:Wd:<Fm~r7OuiJA1g}7KC-T'>Du+
Cancel-Lock sha1:EG3sxi+xB5T18MMnzDtoFSX4bTY= sha1:B/e+tl+y+oZUp8j2BwDXqzr/L3k=
X-Face-What-Is-It Capture Bee from Galaga
Xref csiph.com comp.os.linux.misc:19519

Show key headers only | View raw

On Sun, 12 Mar 2017 19:36:43 +0100, Aragorn wrote:
>
> On Sunday 12 March 2017 19:17, Andreas Kohlbach conveyed the following 
> to comp.os.linux.misc...
>
>> I recently read about a user being asked for a login password for a
>> demo Linux (booted from DVD or USB to see how it works). Imagine you
>> are a Windows user and want to test Linux and boot from such a
>> DVD/USB, and the first thing happening is you are asked for a
>> password.
>> 
>> It doesn't help that the password was blank (just needed to press
>> ENTER). Because that scares newbies off already. First impression...
>
> Whether the newbie is scared by the increased level of security in 
> GNU/Linux or not is irrelevant.  Evidence has shown that this increase 
> in security is warranted.  The lack of proper security in Microsoft 
> Windows is one of the primary reasons why it's being exploited all the 
> time.

I beg to differ. Although wrong, a (Windows) user will always choose
convenience over security.

I know several Windows users I asked if they set up two passwords when
they reinstall Windows. And explained why that is a good idea. None would
do it and one defended himself with "I use a virus scanner"... :-(

> Ask yourself this question: do you really want a process running with 
> root privileges on your system without any authentication at all?  And 
> if so, do you have any idea how this mechanism could be exploited by an 
> attacker for gaining elevated privileges on your system?

It's not about me (nobody here gets it?). It's about newbies who might
want to look into Linux. I don't want Linux to compromise security. But
you can still have it more convenient for them, like making updates fully
automated on their request (Don't show this warning again).

> If people want lax security, then they will simply have to continue 
> using Microsoft Windows.  It was designed that way.  

You're probably right. Windows user expecting Windows from Linux
shouldn't even try Linux.

[...]
-- 
Andreas
You know you are a redneck if
you ever driven down the road with your seat belt hanging out of
the door making sparks.

Back to comp.os.linux.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Wikileaks Vault7 release--Linux vulnerabilities pureheart@pacbell.net - 2017-03-08 09:11 -0800
  Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-08 19:43 +0000
    Re: Wikileaks Vault7 release--Linux vulnerabilities Mark Dixon <mnd999@hotmaill.com> - 2017-03-12 11:24 +0000
    Re: Wikileaks Vault7 release--Linux vulnerabilities 4891wsmith1984@gmail.com - 2017-03-12 09:12 -0700
      Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-12 09:44 -0700
      Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-12 18:09 +0000
        Re: Wikileaks Vault7 release--Linux vulnerabilities 4891wsmith1984@gmail.com - 2017-03-12 11:53 -0700
          Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-12 19:19 +0000
            Re: Wikileaks Vault7 release--Linux vulnerabilities 4891wsmith1984@gmail.com - 2017-03-12 12:28 -0700
          Re: Wikileaks Vault7 release--Linux vulnerabilities "J. Clarke" <j.clarke.873638@gmail.com> - 2017-03-12 15:31 -0400
            Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-12 22:20 +0000
        Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 20:22 +0100
          Re: Wikileaks Vault7 release--Linux vulnerabilities 4891wsmith1984@gmail.com - 2017-03-12 12:59 -0700
            Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 22:23 +0100
              Re: Wikileaks Vault7 release--Linux vulnerabilities Jean-David Beyer <jeandavid8@verizon.net> - 2017-03-14 20:00 -0400
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-15 03:22 +0100
            Re: Wikileaks Vault7 release--Linux vulnerabilities "J. Clarke" <j.clarke.873638@gmail.com> - 2017-03-12 20:46 -0400
              Re: Wikileaks Vault7 release--Linux vulnerabilities 4891wsmith1984@gmail.com - 2017-03-13 04:34 -0700
                Re: Wikileaks Vault7 release--Linux vulnerabilities "J. Clarke" <j.clarke.873638@gmail.com> - 2017-03-14 21:30 -0400
  Re: Wikileaks Vault7 release--Linux vulnerabilities Michael Black <et472@ncf.ca> - 2017-03-08 16:09 -0500
    Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-08 22:00 +0000
    Re: Wikileaks Vault7 release--Linux vulnerabilities William Unruh <unruh@invalid.ca> - 2017-03-08 22:19 +0000
    Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-09 15:19 -0500
      Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-09 22:14 +0000
        Re: Wikileaks Vault7 release--Linux vulnerabilities Michael Black <et472@ncf.ca> - 2017-03-09 17:44 -0500
          Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-10 13:15 -0500
            Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-10 19:58 +0000
              Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-11 12:04 -0500
                Re: Wikileaks Vault7 release--Linux vulnerabilities Rich <rich@example.invalid> - 2017-03-11 17:32 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-11 18:08 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-12 14:17 -0400
                Re: Wikileaks Vault7 release--Linux vulnerabilities Aragorn <thorongil@telenet.be> - 2017-03-12 19:36 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-12 19:16 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-12 14:12 -0700
                Re: Wikileaks Vault7 release--Linux vulnerabilities Frank V <frank.vandermeiren@telenet.be> - 2017-03-12 23:10 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-12 15:55 -0400
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 22:27 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-12 22:23 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 23:33 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-12 15:59 -0700
                Re: Wikileaks Vault7 release--Linux vulnerabilities 4891wsmith1984@gmail.com - 2017-03-13 04:37 -0700
                Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-12 19:12 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Aragorn <thorongil@telenet.be> - 2017-03-12 23:39 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-11 19:40 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-11 10:55 -0800
            Re: Wikileaks Vault7 release--Linux vulnerabilities Rich <rich@example.invalid> - 2017-03-10 21:00 +0000
            Re: Wikileaks Vault7 release--Linux vulnerabilities Jean-David Beyer <jeandavid8@verizon.net> - 2017-03-10 16:10 -0500
            Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-10 21:50 +0100
              Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-11 08:08 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-11 12:55 +0100
            Re: Wikileaks Vault7 release--Linux vulnerabilities William Unruh <unruh@invalid.ca> - 2017-03-11 07:22 +0000
              Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-11 07:27 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-11 12:57 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities The Natural Philosopher <tnp@invalid.invalid> - 2017-03-11 12:30 +0000
              Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-11 12:10 -0500
                Re: Wikileaks Vault7 release--Linux vulnerabilities notbob <notbob@nothome.com> - 2017-03-11 17:35 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-11 12:40 -0500
                Re: Wikileaks Vault7 release--Linux vulnerabilities notbob <notbob@nothome.com> - 2017-03-11 18:05 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-12 14:12 -0400
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-11 19:44 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities notbob <notbob@nothome.com> - 2017-03-11 20:45 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2017-03-11 21:08 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities notbob <notbob@nothome.com> - 2017-03-11 21:46 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2017-03-11 21:05 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities "J. Clarke" <j.clarke.873638@gmail.com> - 2017-03-12 03:56 -0400
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 20:34 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2017-03-11 12:55 -0500
                Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-11 10:58 -0800
                Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-11 22:45 +0100
                Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-11 14:46 -0800
                Re: Wikileaks Vault7 release--Linux vulnerabilities Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2017-03-12 05:10 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities William Unruh <unruh@invalid.ca> - 2017-03-12 11:11 +0000
                Re: Wikileaks Vault7 release--Linux vulnerabilities Jean-David Beyer <jeandavid8@verizon.net> - 2017-03-11 17:16 -0500
                Re: Wikileaks Vault7 release--Linux vulnerabilities Andreas Kohlbach <ank@spamfence.net> - 2017-03-12 14:21 -0400
  Re: Wikileaks Vault7 release--Linux vulnerabilities William Unruh <unruh@invalid.ca> - 2017-03-08 22:14 +0000
  Re: Wikileaks Vault7 release--Linux vulnerabilities Dan Espen <despen@verizon.net> - 2017-03-08 18:03 -0500
    Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-08 23:21 +0000
      Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-09 02:29 +0100
        Re: Wikileaks Vault7 release--Linux vulnerabilities Dave <noone$$@llondel.org> - 2017-03-10 20:44 -0800
          Re: Wikileaks Vault7 release--Linux vulnerabilities William Unruh <unruh@invalid.ca> - 2017-03-11 07:21 +0000
            Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-11 08:20 +0000
              Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-11 11:34 +0000
            Re: Wikileaks Vault7 release--Linux vulnerabilities Rich <rich@example.invalid> - 2017-03-11 14:27 +0000
  Wikileaks Vault7 release--Linux vulnerabilities iosvanigch@gmail.com - 2017-03-08 20:12 -0800
    Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-08 20:24 -0800
      Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-09 08:11 +0000
        Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-12 14:18 -0700
          Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 22:58 +0100
            Re: Wikileaks Vault7 release--Linux vulnerabilities Bobbie Sellers <bliss@mouse-potato.com> - 2017-03-12 15:25 -0700
              Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-12 23:35 +0100
            Re: Wikileaks Vault7 release--Linux vulnerabilities William Unruh <unruh@invalid.ca> - 2017-03-13 00:11 +0000
              Re: Wikileaks Vault7 release--Linux vulnerabilities "Carlos E. R." <robin_listas@es.invalid> - 2017-03-13 01:28 +0100
          Re: Wikileaks Vault7 release--Linux vulnerabilities Richard Kettlewell <invalid@invalid.invalid> - 2017-03-12 22:58 +0000

csiph-web