lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: petard at sdf.lonestar.org (petard)
Subject: (no subject)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Jun 22, 2003 at 07:42:01PM -0700, Muhstik Botha wrote:
>     I just accessed a page which ejects my CD-ROM tray. Is this consider privacy or security breaching? I'm no expert on pertinent subject. For me, i don't like ppl be able to fool around with my CDROM tray when i open their website. Any comments? Thanks.
>
While ejecting your CD-ROM is both annoying and disturbing, I doubt
that it poses any serious threat to either your privacy or your
security. The very fact that it is possible might make you think that
more serious breaches are possible, and you'd be correct:

http://www.pivx.com/larholm/unpatched/

Not only can people eject your CDROM tray when you open their website,
they can most probably execute any code they want, reading and writing
any data that you yourself can. This is because you use defective
software running on a defective operating system to access the internet
and view untrusted (or wrongfully trusted) content. Because software in
general comes with no warantee, you have little recourse. If you don't
like the fact these breaches are possible, you should use a better
browser, preferably on a better OS, to view untrusted content. And don't
trust any content coming from other people you don't know and trust.

HTH

petard

- --
"I'm not a robot like you. I don't like having disks crammed into me...
unless they're Oreos, and then only in the mouth."
		-- Fry (Futurama)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE+9vEkgkiZ59A0kiQRAvTbAJ4gWyt3lgENfx1PqQZrH5UHqBju3wCfU2dp
sj76+1r1HWWUJrpOhsvSGQ8=
=fH3R
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ