[GTALUG] Fw: surprise!
Jamon Camisso
jamon.camisso at utoronto.ca
Mon Apr 10 08:35:11 EDT 2017
On 09/04/17 20:11, Mauro Souza wrote:
> Not probable. There's a few remote exploits for wget, but none would
> affect me, AFAIK. My /tmp is mounted with nodev noexec nosuid, and I create
> a directory for every "client".
>
> I usually download sites pretending to be my bank, or credit card, or some
> other entity I am not related to, and they usually ask me for login
> credentials, credit card information or to download and execute something.
> They are targeting clueless Windows' users, not savvy Linux users hunting
> malware sites.
>
> Next time I will use telnet to the server from inside a chroot in a Docker
> container, running on a virtual machine on a diskless computer booting
> from DVD, connected to the Starbucks WiFi. Just to be safe.
Maybe the DVD could be Qubes[1] for even more isolation.
[1] https://www.qubes-os.org/
Cheers, Jamon
More information about the talk
mailing list