On Tue, Jul 27, 2010 at 9:59 PM, Chris Irwin <span dir="ltr"><<a href="mailto:chris@chrisirwin.ca">chris@chrisirwin.ca</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Tue, 2010-07-27 at 20:50 -0400, Kyle Spaans wrote:<br>
> You've got me there. Mostly I was posting that link because it's an<br>
> interesting read and to show that there are least people thinking<br>
> about this kind of thing. It certainly does _not_ help my (admittedly<br>
> devil's advocate) argument much. :-)<br>
<br>
</div>Here's a common vector that could be used for Ubuntu:<br>
<br>
"Hey everybody, I just made updated firefox/pidgin/etc packages in my<br>
ppa! Let me know how they work!"<br>
<br>
Adding a PPA is down to a single command, they are GPG signed so as to<br>
avoid popping up security errors, and can provide any package (say,<br>
firefox and gksudo). Furthermore, the firefox package may itself provide<br>
extra files, or a postinst script that replaces gksudo (or any other<br>
file) with a modified version. etc.<br></blockquote><div><br>That is good old social engineering.<br><br>Works wonders and is cross platform! Rather platform agnostic.<br><br>Emailing an executable could work too.<br></div>
</div>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">2bits.com</a>, Inc.<br><a href="http://2bits.com">http://2bits.com</a><br>Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>
Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>