You are not logged in.
Pages: 1
Lets talk here about some holes in xfce systems.
It is not bugs. Its undocumented items, that hackers can use.
We share it and developers can use it to icrease security systems.
Ok, lets start.
I found some chance to shut downany hotkeys in xubuntu session.
You should go to hotkeys (or something). There you add any key, e.g. Kp_Insert (or NumPad 0) and print command «0».
After that user try to print Zero, and after few times got success. Meanwhile any hotkeys stop working. If you launch gxneur then activate hotkey command that kills xneur daemon.
So if hacker substitute user's config file, he made first step to possess his computer.
What did you find?
Offline
I think this would have to depend on a Distro's security. I don't mean to bash Ubuntu or anything but it's not exactly THE MOST secure distro out there and substituting that config file would require physical access or a remote connection to your computer as well as root access. Personally with Linux I think things in the network are more vulnerable rather than operating system faults, not to say it doesn't happen because Red Hat servers were compromised not too long ago but the use of GPG keys on the software itself kept any real damage from being done (other than egos).
Last edited by escapingsummer (2011-04-14 03:00:55)
"True sophistication and ingenuity comes from trying to solve complicated things by the simplest of means."
Desktop- Fedora XFCE x86_64
Netbook- Modified Fedora 14 security spin -fluxbox/Fedora XFCE
Offline
if you need to substitute something at user's folders you don't need root access: only user's password.
Less you have unused accounts less vulnerable your computer
Offline
Then if it is only a user's config file damage to the system is minimal other than a few annoyances. The user config files can be easily replaced, I was assuming a more important config file. Things like menus and keyboard shortcuts aren't that critical and can be replaced easily if they were to become hacked. They would still need physical access to your computer or remote connection along with a password of some sort, the physical access and password are a users responsibility to make sure it remains secure, and remote connections should be monitored by an admin or the user themselves.
A more important config file like xorg.conf or perhaps the rc file in arch linux which tells among other things which daemons to initiate are important config files that I would worry about unwanted access to.
Last edited by escapingsummer (2011-04-15 15:16:00)
"True sophistication and ingenuity comes from trying to solve complicated things by the simplest of means."
Desktop- Fedora XFCE x86_64
Netbook- Modified Fedora 14 security spin -fluxbox/Fedora XFCE
Offline
Pages: 1
[ Generated in 0.010 seconds, 9 queries executed - Memory usage: 528.11 KiB (Peak: 529.02 KiB) ]