Liste des Groupes | Revenir à col misc |
The Natural Philosopher <tnp@invalid.invalid> writes:Richard Kettlewell wrote:The Natural Philosopher <tnp@invalid.invalid> writes:On 07/05/2024 23:01, Richard Kettlewell wrote:Obviously impossible to say.I don’t think I said “panacea”. But it’s pretty obvious that>
eliminating them would close down an entire attack class. That’s
worth a lot, and steps toward it should be welcomed.
How many serious attacks have been successfully launched using
'sudo'?
How many serious attacks have been detected and were successfully
launched using 'sudo'?
Again, obviously impossible to say.
I don’t have any more access to incident reports from targets (or
attackers l-) than you do. What I can do in their absence is assess the
risk associated with various APIs, components, configurations, etc,
based on understanding of how they work, direct and indirect experience
over the last few decades, and so on. Reasonable people can certainly
disagree about that assessment but the poor availability of evidence of
actual compromises is a hopeless foundation for any conclusions.
Les messages affichés proviennent d'usenet.