[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Outstanding critical issue for KDE 2.2
From:       Andy Fawcett <andy () athame ! co ! uk>
Date:       2001-08-02 6:53:28
[Download RAW message or body]

Hi,

I've snipped the entire body of comments from various people. Oh, and I am
not a core developer either, so feel free to drop this post in the
moderation process...

First, I work for a company making commercial security products, so I am
not unbiased in this matter.

From surveys carried out over the last few years, it has become very
apparent that it is not just the networked users who need to be secure.
It's not the multi-user systems either. It is everyone.

Typical case. You have a laptop, in a nice case, and you leave it in your
car while you have lunch. What's that? Somebody stole it? Believe me, it
happens. According to one survey, 319000 laptops were stolen in 1999 (ref
http://www.ecompany.com/articles/mag/0,1640,9294,FF.html ). It is not
clear, but from reading the article it looks like these were US cases.

"So what", I hear you ask? "Most of them were Windows based. Nobody will
crack my linux password".

That's bull. They don't even need to crack it, just take the HD out and
stick it in another machine, mount the partition, and read the data
straight off it.

And if that hard drive has a cached copy of any sensitive data from a HTTPS
transaction, the owner is stuffed.

Let's be proactive in security, not reactive. Close the bug now, because it
only takes one troll to post about it to slashdot and you can blow away all
the hard work people have done on KDE security.

Andy

-- 
Andy Fawcett          | "In an open world without walls and fences,
andy@athame.co.uk     | we wouldn't need Windows and Gates."  --anon
http://athame.ath.cx/ |

[prev in list] [next in list] [prev in thread] [next in thread]