Serious security flaw in KDE

tibby.dude said:
The flaw ... could allow a remote attacker to gain control over vulnerable systems.
If I understand correctly, this can happen only if you're browsing as root (unless Konqueror is running with setuid 0, which I would hope not!). So it's unlikely that a remote attacker could easily "take over your system" per se (they would first have to find another vulnerability in order to escalate from user to system privileges). But to be sure, even having user-level privileges is still a very bad thing, as they could e.g. steal confidential company info or intellectual property from your user folder. Nonetheless you have to actually visit a malicious website, so all in all this doesn't seem like much to worry about.

Note that certain people here have been known to argue that Windows is secure IF you keep up to date with the patches, i.e. that getting infected/hacked is the user's fault (and not MS) if they didn't patch. Given that a fix is already available for this vulnerability, perhaps those people should apply the same standard here and simultaneously defend the system while blaming users for not patching ... right?

The notion of how "secure" a software system is is not a discrete, binary "yes" or "no", there can be vastly different levels of "secure". Implying that all systems are equally insecure on the basis that all systems have bugs, is about as misguided an assertion as suggesting that all cars are 'equally unreliable' on the basis that "all cars give problems sometimes". Or suggesting that all houses are 'equally easy' to break into on the basis that no home security system is totally foolproof. Etc. etc.

Finally, this does not and cannot prove anything at all about "so much for many eyeballs" because the "many eyeballs" thing has never been applied to the Windows source code. I say let's allow millions of hackers access to the Windows source code and then we'll talk again.

tibby.dude said:
or to piss of Microsoft (IBM)
As entertaining a notion as that might seem to us "spectators", companies don't make such major focus shifts just to "piss off" other companies. Business is not like WWE. IBM is putting money into Linux purely because they see other core markets eroding while Linux is a growth market that they expect (or hope) to be able to make money from in the medium to long term.
 
Last edited:
I read about this on slashdot a few days back and that time there was allready a patch for it.

Windows patches usually take a bit longer to become available since the public can't fix it themselves.
 
Top
Sign up to the MyBroadband newsletter
X