Security watchers say the Kama Sutra worm, which is programmed to overwrite files on infected Windows PCs today, will have a damaging but not catastrophic effect. The Kama Sutra worm (or Nyxem-E or Blackworm) poses as an email message offering a variety of salacious content. Subject lines used in the malicious emails include: The Best Videoclip Ever, Fw: SeX.mpg, Miss Lebanon 2006 and Fuckin Kama Sutra pics. The worm, which can also spread across network shares, only affects Windows PCs.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2006-01-17
Member since:2005-07-06
yes, there are safeguards against it.
first and foremost...
all files you download are simply that, files.
you have to make them executable, then run them.
Sometimes however, you can download a binary file from a webpage with the execute bit set, but that leads to the next stage.......
Permissions.
although YOU downloaded the file and YOU set the execute bit to true, if you had a titter of wit about you, you would have already set up your partitions so that files on /home cannot run, so any downloads on there will need to be physically moved into your path so that they can run.
As you can see, malware would be ineffective against safegaurds like these. Any that did find its way into your system would sit there dead in your /home
HOWEVER
I have seen some people set up there systems so that users can run programs from their /home. This is VERY bad practice, and destroys one of the defenses Linux has over malware.
Member since:2005-07-07
Remember please that scripts dont come executable in Linux
Why don't they? Is that just by convention or is there actually some safeguard which prevents it?
That is due to umask. When you download a file it is created as a new file. All new files in Linux have their permission set from the umask which is by default 022 on most systems.
The permissions are umask & 077, so umask of 022 is 644 which is -rw-r--r-
if you create a file that is a script in Linux you will then have to chmod the permissions to execute before it is run.
Yes this is a security safeguard.
Member since:2005-06-30
If they can click an executable file, they can make the script executable by changing its permissions... Never overestimate the user when it comes to attachements. At first, the complexity of the commands (compared to point and click) might put them off, but if they want to see that Miss Lebanon, they will try to.
Call me a pessimist, but if some people are gullible enough to open an attachement from an unknown source...
Member since:2005-11-12
Official Apple statement on PRISM and privacy: "Regardless of the circumstances, our Legal team conducts an evaluation of each request and, only if appropriate, we retrieve and deliver the narrowest possible set of information to the authorities. In fact, from time to time when we see inconsistencies or inaccuracies in a request, we will refuse to fulfill it." This is basically Apple re-publishing their earlier statement in a more official manner. You either believe it, or you don't.
The open source Contiki operating system and its commercial Thingsquare distribution are making strides towards the connected home. According to a Computerworld article, a new LED light bulb manufacturer is putting small computers into their light bulbs. Each computer runs the Contiki OS, which gives each bulb an IP address and allows them to be controlled with a smartphone application. To connect the bulbs to the application, the bulbs use both Wi-Fi and the much lower power IEEE 802.15.4 mesh technology.
"Google asked the secretive Foreign Intelligence Surveillance Court on Tuesday to ease long-standing gag orders over data requests it makes, arguing that the company has a constitutional right to speak about information it's forced to give the government. The legal filing, which cites the First Amendment's guarantee of free speech, is the latest move by the California-based tech giant to protect its reputation in the aftermath of news reports about sweeping National Security Agency surveillance of Internet traffic." Draining the ditch after the cow has drowned in it."I can't find one person who has been using the Nexus 7 for an extended period of time, and hasn't seen a massive downgrade in performance. Just what kind of downgrade are we talking here? I cannot pick up my Nexus 7 without experiencing problems like a lag of ten seconds, or more, just to rotate the display; touches refusing to acknowledged; stuttering notification panel actions; and unresponsive apps." Fully and utterly agreed. My Nexus 7 was blazing-fast and awesome for a few months, and at some point, it just started sucking. Just like that. I've tried loads of ROMs, and nothing helps.A new release of the hobby operating system MenuetOS! The release notes are a bit non-descript, but you'll have to take what you can get: "updates and improvements (picview, httpc, ehci, ...)"."The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable Internet connection is still out of reach. And this is far from being a solved problem. There are many terrestrial challenges to Internet connectivity - jungles, archipelagos, mountains. There are also major cost challenges. Right now, for example, in most of the countries in the southern hemisphere, the cost of an Internet connection is more than a month's income. Solving these problems isn't simply a question of time: it requires looking at the problem of access from new angles. So today we're unveiling our latest moonshot from Google[x]: balloon-powered Internet access." Insane.
"MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a 'Hello World' bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring." Just cool.
Jon Rubinstein, former CEO of Palm: "Well, I'm not sure I would have sold the company to HP. That's for sure. Talk about a waste. Not that I had any choice because when you sell a company you don't get to decide that. Obviously, the board and shareholders decide that. If we had known they were just going to shut it down and never really give it a chance to flourish, what would have been the point of selling the company? I think the deal we had with Verizon really hurt us, but who knew that at the time? These things are all hindsight.""And so it is with Dell's Alienware X51 R2, a small form factor gaming PC in console digs. It's shaped similar to Microsoft's Xbox 360 Slim, and though it's slightly larger than either a 360 or PlayStation 3, the X51 R2 would be right at home in a living room setting nestled next to a large screen TV. Indeed, it's adept at running Steam's Big Picture mode, and if your primary objective is to play games in the living room, go ahead and consider the X51 R2 a hybrid game console." This is obviously not the only machine like this - still, these are very valid console alternatives even for those that don't like being hunched over with a cramped WASD-claw. Also, PC gamers among us: could you get away with the $699 model for gaming?
From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.
Member since:
2005-11-12
Your saying linux users are more techie people, yet you think they would make this script execuable?, thats a contradiction. Remember please that scripts dont come executable in Linux. since this is what makes Linux desktop much more secure.