[Ilugc] Misleading article in Ziff-Davis eWeek
- From: linux@xxxxxxxxxxxxxxxx (Suresh Ramasubramanian)
- Date: Tue Nov 2 15:53:16 2004
Sivasankar Chander wrote:
Ordinarily, the user need not even know the root password, and still be
able to use the system for normal day-to-day office activities. This is
the default situation in most Unix deployments in corporate settings.
Popping a dialog-box with such a question would not be of any use for
a Trojan, if the user simply didn't know the root password, or was smart
enough not to type it in at such a prompt.
Well, I've seen slightly different social engg exploits targeted at the
sort of semi 31337 crowd that knows just enough to install FC3, knows
all sorts of cool buzzwords ...and then receives an email that has the
subject "pgp has been cracked, run this command to see how" .. the
command being, on pine "pipe the attached script to shell and then
execute it". Of course, the attached script just happened to be a
rootkit ...
*nix (linux, bsd, sun, whatever) has its very own category of stupid
users.. those who know far more buzzwords than unix concepts, and who
still lack the ingrained caution and security consciousness that you
develop when using a well engineered and security aware OS like *nix.
You get semi-clued users all over the place .. on MSDN forums, as well
as on linux mailing lists. They're not unique to microsoft.. and as long
as there are stupid users, there will be exploits targeted at their
stupidity.
Always remember that, as Alexander Pope said, "A little knowledge is a
dangerous thing. Drink deep, or taste not of the pierian spring". Half
baked knowledge is the most dangerous knowledge to have ...
srs
Other related posts:
