Thursday, October 21, 2010

I’m not sure what it is, but I’m sure it’s rootable

I have no clue why anyone would still run RealPlayer. I’ve pretty much forgot that it existed.  But I know that those who know what it is and still run it are screwed. If they even know they are running it. They probably don’t. That makes them extra screwed.

If you accidently configure RDS in your Linux kernel, you’ve got something to fix.  From what I can see, we can blamethank Oracle for RootableReliable Datagram Sockets. You’d think that be now we’d be able to introduce something new and interesting without making the old & stable rootable.

I guess not.

If obscure media players and Infiniband protocols are rootable, the most popular OS in the world must be rootable, right? Yep, it’s rootable. Again. Damn. It’s probably also running Java, which makes it double-extra rootable. Speaking of Java, Microsoft thinks that there is an unprecedented wave of Java exploitations. I wonder who wrote the operating system that allows itself to be exploited by such an unprecedented wave. Waves aren’t unprecedented. They are periodic.

I used to think that running a non-Microsoft browser would help keep my desktops clean. I’m not sure anymore though. The alternatives don’t appear to be any less rootable. Nor does the running the best alternative operating system make you immune. Safer maybe, but immune? Nope. Not even close.

Adobe, apparently feeling rather left out by all the recent attention that Java has received, decided that Flash Player, Reader, Acrobat and Shockwave must be vulnerable too. Can’t let the competition leave you behind, can you? I can imagine some VP reading about Java exploits and demanding that all Adobe products support exploits too.

And of course if you are bored, you can remotely root a Blackberry Enterprise Server. All you need to do is have one of your poor sales schmuks open up a PDF on their Blackberry. Sounds like fun, eh? The sales droid opens a PDF, the system manager of the BES server gets screwed.

If it can surf the Internet, it can’t be secured.

No comments:

Post a Comment