On Tue, 15 Nov 2005, SOTL wrote:
> On Sunday 13 November 2005 01:10 pm, Paul M Foster wrote:
> >
> > We discussed this at the Dunedin meeting, but let's be more precise
> > about the setup in asking the question. Let's assume the computer is
> > connected to the internet via a firewall. Let's assume there are no
> > other users on the local LAN where the machine lives, and 0% likelihood
> > that some local user would exploit a software security flaw. Let's
> > assume the usual complement of services running on the box, like an MTA,
> > init, perhaps a SQL database server, cron, portmapper, etc.-- the usual
> > things a user would have running privileged on their computer. And let's
> > assume that the user, in conducting day-to-day activities, is running as
> > an unprivileged user. And in answering the question, assume one of two
> > scenarios: the firewall is not advertising to the internet anything
> > other than perhaps the SSH port, or the firewall is presenting an HTTP
> > port, SSH port and an FTP port. You can assume the user is actively
> > working on the machine, or away from the box.
> >
> > The question is: under either one of these scenarios, could a serious
> > hacker install a rootkit, and how?
>
> Play a Sony music CD.
That wouldn't be Joe Malcontent doing it, that would be Sony doing it.
Actually that would be _you_ installing Sony's rootkit.
--
-eben ebQenW1@EtaRmpTabYayU.rIr.OcoPm home.tampabay.rr.com/hactar
"God does not play dice" -- Einstein
"Not only does God play dice, he sometimes throws
them where they can't be seen." -- Stephen Hawking
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:06:12 EDT