On Mon, Jun 27, 2005 at 07:36:50PM +0000, Paul Hink wrote: > Having one's workstation compromised (e.g. due to some vulnerability of > Mozilla) is a serious thing. There might be confidential data (e.g. > private e-mails) stored on it and in many cases it makes compromising a > server much easier as well (e.g. by logging SSH passwords or stealing > private SSH keys and their passphrases).
>From a company/organisation's point of view, this might be almost as serious as getting root. If you're a system administrator, you really don't want people to get root on the machine. If you're the CEO, you're mostly concerned with not letting outsiders read and/or write secret documents, which the users often store in /home/*. Cracking the right workstation might allow an attacker to access all the documents they want. (Something completely different: the Debian Security Audit Project have talked about auditing all of base, to make sure it's reasonably secure. Any volunteers are very welcome, as we're just three active members at the moment.) // Ulf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
