I don't think virus-writers need any more good luck... But local root vulnerability means they can only compromise a few tens of thousands of people at a time
Agreed with your point however he states "virus writers", which refer to one or one group of associated writers can comprimise tens of thousands of people, in the context of "versus" rather than the whole internet, seems to imply 10,000+ machines not "user accounts" given the implicit design of "virii" (or more accurately worms) in their spread..if 10,000 users of one box are comprimised ie, one rooted machine, then a worm/virus obviously is not the method in which this "spreads". It's simply the context in which he stated what he did. My statement suited my view of what he stated. Though I am fully in agreement that one box with X number of users is comprimised, X number of people have been comrpimised since root can see all and use all of those accounts...
robf();
** I don't think virus-writers need any more good luck... But local root vulnerability means they can only compromise a few tens of thousands of people at a time (for example university shell accounts) rather than the whole internet (which would need a remote vulnerability. **
I don't think you understand Local Vulnerabities, local vulnerability doesn't mean they can gain access to a "local account" it means they REQUIRE one. For example. if you are at a University and you have a shell account, you personally can exploit this and gain root on the machine your accounts exists for. This does not mean you can get access to your buddies account on some box with the exploitable kernel just because he has a "local shell" not without actually gaining access to a shell can this be exploited.
Slashdot Mirror
I don't think virus-writers need any more good luck... But local root vulnerability means they can only compromise a few tens of thousands of people at a time
Agreed with your point however he states "virus writers", which refer to one or one group of associated writers can comprimise tens of thousands of people, in the context of "versus" rather than the whole internet, seems to imply 10,000+ machines not "user accounts" given the implicit design of "virii" (or more accurately worms) in their spread..if 10,000 users of one box are comprimised ie, one rooted machine, then a worm/virus obviously is not the method in which this "spreads". It's simply the context in which he stated what he did. My statement suited my view of what he stated. Though I am fully in agreement that one box with X number of users is comprimised, X number of people have been comrpimised since root can see all and use all of those accounts... robf();
** I don't think virus-writers need any more good luck... But local root vulnerability means they can only compromise a few tens of thousands of people at a time (for example university shell accounts) rather than the whole internet (which would need a remote vulnerability. **
I don't think you understand Local Vulnerabities, local vulnerability doesn't mean they can gain access to a "local account" it means they REQUIRE one. For example. if you are at a University and you have a shell account, you personally can exploit this and gain root on the machine your accounts exists for. This does not mean you can get access to your buddies account on some box with the exploitable kernel just because he has a "local shell" not without actually gaining access to a shell can this be exploited.
robf();