On 10/12/15, [email protected] <[email protected]> wrote:
> ...
> That's what you fail to grasp, imho.

i appreciate education in all forms :)

> I am not sure, what "rogue remote execution" is, please elaborate.
> Sounds like an assassin sniper to me. ;)

i should have been more clear. specifically,
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

'''
The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.

The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed. On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts.

Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload. [Update: we’ve now seen variants that do have a Mac section, looking for much the same kinds of files as on Linux.]
'''

> Again, you write "usability" you fail at understanding, that
> OP is looking for a convenient and secure solution (he asked
> about Pidgin being secure).

usability is not just convenience. but i see why you conflate the two.

> Sorry, but your vm-fanboyism isn't helpful at all.

i'd rather have langsec, for sure! let's discuss cost... one much closer (near-term practical) than the other!

awaiting your next treatise on the quantification of attack surface using appropriate cohort analysis of similar risk pools.

best regards,
