<div>This is a very well written article. I think that the theory behind this is more of a social engineering excersise than a hack, however it does outline some fundamental flaws in our assumptions about our desktops. Most of us in the Linux community think that we sit here in our in-penetrable bubbles of safe, secure code, due to the open source community in effect managing itself as far as security is concerned. This is in my opinion, more of an issue of alertness as to what you do with your system.</div>
<div> </div>
<div> </div>
<div>The flaws here are a direct result, in my opinion, of the "dumbing down" of linux. Perhaps that is not the right term to use. </div>
<div> </div>
<div>For years and years, the main issue with linux not becoming mainstream was useability. The expert base of linux was its safety net for years. Of course, to move forward, Linux had to become more accessible to standard users. An improvement in useability, does not have to, but generally tends to result in a reduction in security. "Too many ways to access things, not enough ways to prevent access to things". </div>
<div> </div>
<div> </div>
<div>A completely secure system, is NOT an easily useable system. non-tech savvy people will always have issues with using secure systems. So, rather than take measures reduce the operating system to their level of useability, Open source communities need to make *learning* the operating system easier. </div>
<div> </div>
<div>Up until now, Linux has been the Elite, rock solid secure OS that it always has been, whilst slowly becoming more useable. I think now is the point, with user friendly distributions of linux becoming mainstream such as Ubuntu, where linux is crossing the very fine sweet spot between security and useability, in order to grab that extra 1% of market share. </div>
<div> </div>
<div> </div>
<div>Do we really want to cross that line, for the sake of going mainstream? Or do we want a product which is secure, whilst <strong>teaching</strong> those that wish to learn it?<br><br></div>
<div class="gmail_quote">On Wed, Feb 11, 2009 at 1:50 AM, azmodie <span dir="ltr"><<a href="mailto:azmodie@gmail.com">azmodie@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">so what the ethical hackers opinions on this then ?<br><br>azmodie<br><br>---------- Forwarded message ----------<br>
From: alan c<br>Date: 2009/2/10<br>Subject: [ubuntu-uk] How to write a Linux virus in 5 easy steps?<br>To: British Ubuntu Talk<br><br><br>In the open and sharing spirit of FOSS I offer a heads up to a well<br>written item which looks like it needs some actions in response.<br>
There may be some nice debate about a definition here or there, but<br>the real world is in this article as far as I can see.<br><br>I trust it will not be long before I can feel just a little safer?<br>comments welcomed.<br>
<br>I should say that if you have seen other items and comments about<br>'linux viruses' then what you read is probably still true, in a strict<br>sense. However, I cannot fault the information given in this item, and<br>
it does seem that some action can be sensibly taken by both the gnome<br>and kde teams.<br><br>(and well done, the thunar project!!)<br><br>Article:<br>How to write a Linux virus in 5 easy steps<br><a href="http://www.geekzone.co.nz/foobar/6229" target="_blank">http://www.geekzone.co.nz/foobar/6229</a><br>
<font color="#888888">--<br>alan cocks<br><br>_______________________________________________<br>dundee GNU/Linux Users Group mailing list<br><a href="mailto:dundee@lists.lug.org.uk">dundee@lists.lug.org.uk</a> <a href="http://dundee.lug.org.uk/" target="_blank">http://dundee.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/dundee" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/dundee</a><br>Chat on IRC, #tlug on <a href="http://dundee.lug.org.uk/" target="_blank">dundee.lug.org.uk</a><br>
</font></blockquote></div><br><br clear="all"><br>-- <br><br><br>Nick Walker<br>Vice President : The Linux Society<br>UAD Ethical Hacker<br>