Linux vulnerable to Windows-style autorun exploits

[leofelix]

Linux vulnerable to Windows-style autorun exploits

A security researcher has demonstrated how it might be possible to perform autorun-style attacks against weakly secured Linux PCs....

Research by Jon Larimer, of IBM's X-Force security division, shows that the issue of autorun causing possible mischief is not (as might have been previously thought) wholly irrelevant to Linux boxes. Larimer developed a demo to show how it might be possible to insert a USB stick with modified code into a Ubuntu PC to get rid of a screensaver without entering a password – and display the user's desktop.

The demo relied on taking advantage of a flaw in GNOME Evince document viewer that was patched in January and, even so, was kind of "weak" because it was shown on a machine with in-built exploit mitigation disabled, as Larimer himself clearly explains....

Read more

[INDRANIL]

Thanks for the info Leo .

[Boyfriend]

Thanks leofelix I suppose KDE (I prefer it too) is better than GNOME.

[sm1]

Thanks for the info I was thinking about downloading Gnome version of Debian 6. Now I may switch to KDE or LXDE

[Bearcat]

Thanks for the info Leo! This is good to know.

[hellnoire]

Thanks leofelix I suppose KDE (I prefer it too) is better than GNOME.

KDE and GNOME are just as good/bad as the other.

I use XFCE or LXDE or just command line only/BASH. The desktop environment is only second to what makes it tick, that is, the base system.

[Alboguy]

Fortunately popular distributions are well-supported and updated regularly. I believe this vulnerability will be fixed soon.

[Raymond]

Good read Leo.
Anyone remember how to beat the screen saver password on Windows 95? Simple Ctrl+Alt+Del and terminate the screen saver process.