[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: security of the emacs package system, elpa, melpa and marmalade
|
From: |
Thomas Koch |
|
Subject: |
Re: security of the emacs package system, elpa, melpa and marmalade |
|
Date: |
Sat, 13 Sep 2014 19:57:15 +0200 |
|
User-agent: |
KMail/1.13.7 (Linux/3.14-0.bpo.2-amd64; KDE/4.8.4; x86_64; ; ) |
On Friday, September 27, 2013 05:04:55 PM Óscar Fuentes wrote:
> I don't think that comparing Emacs to a web browses used by tens of
> millions is fair. The later is a major attack target/vector for any
> crook, while Emacs is mostly uninteresting. No matter all the effort the
> Mozilla guys put on security, it is their web browser the real security
> threat on your system, not Emacs.
If I'd have criminal interest and the possibility to distribute malicious lisp
code to a few hundert emacs users I'd:
- collect all private ssh and gpg keys found in the victims homedir and access
data to their email accounts
- replace my attack lisp code with legitimate code after it has done its work
- sell the collected data to interested parties
I know that there are a lot of emacs users that are system administrators of
interesting targets.
Regards, Thomas Koch
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: security of the emacs package system, elpa, melpa and marmalade,
Thomas Koch <=