[Secure-testing-team] Disabling autorun by default

Nico Golde debian-secure-testing+ml at ngolde.de
Mon Feb 14 17:24:31 UTC 2011


Hi,
* Michael Gilbert <michael.s.gilbert at gmail.com> [2011-02-14 13:03]:
> Just curious whether we should follow Microsoft's [0] and Ubuntu's [1]
> lead and make it a policy to disable desktop autorun options by default.
> Note that this was one of the flaws that allowed Stuxnet to propagate to
> network-isolated machines.
> 
> So far, I've only checked Xfce, and it has autorun enabled by default.
> If there is consensus that this would be a good thing, then I'll start
> submitting bugs.

Would be a good thing, definitely.

> Not sure if it would be worth pushing this in a point
> update for the stable releases also?

Doesn't require DSAs and should've happened before the release. This is 
something for the next point update imho.

Cheers
Nico
P.S. Highly recommended kind of related talk:
http://www.shmoocon.org/speakers#usbautorun
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.