Derek Fountain tapped away at the keyboard with:
I had to forward this link. This is so scary the more people that see it the better.
http://www.hackernews.com/bufferoverflow/99/nitmar/nitmar1.html
There is really nothing new in there. There are far greater threats to computers used for business from the "inside".
This is aimed it at Windows, but, given there's no lack of root exploits on Linux machines, this could easily be reworked to infiltrate then attack Linux boxes. As he points out, the only reason this hasn't been done so far is because the people who are capable of this sort of thing are too sensible to implement it.
It is appropriate IMHO to ensure that a) Systems are secure against authorised users; b) Superusers never access the Internet directly or use a browser/email program which executes unaudited code; c) Direct attacks (such as port scans) be detected, logged and acted against without delay, even if it means severing the Internet connection at the firewall. -- Bernd Felsche - Innovative Reckoning Perth, Western Australia -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq