On Wed, Jul 21, 2021 at 02:38:50PM -0400, Celejar wrote:
> > > > > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> > > >
> > > > Requires Java to be installed. A rare case on a Linux *desktop*.
> > >
> > > Rare? I don't have statistics, but on one of my Linux desktops, I do
> > > some development work for Android, using IntelliJ IDEA / Android Studio,
> > > which depend on at least some Java components.
> >
> > Numbers show that I was incorrect. Let's call it "unlikely" instead of
> > "rare". Let the popcon graphs speak for themselves:
> >
> > https://qa.debian.org/popcon.php?package=firefox-esr
> > vs
> > https://qa.debian.org/popcon.php?package=openjdk-11
>
> I'm not sure I'm reading the numbers correctly, but the openjdk-11-jre
> figures are 26-29% (as opposed to firefox-esr's 42%) - hardly "unlikely."

I was referring to absolute numbers, which are 57847 and 83915
respectively. Looks like I was incorrect again, I looked at jre, not jdk.
Ok, let's make this "common". I wonder which software (that requires JDK)
is provided by Debian and is that popular.

> > True. Every version of Chromium and Firefox fixes at least one.
> > Most of said vulnerabilities cannot be used to get Remote Code
> > Execution (RCE) though. Which leaves us with "random download" scenario,
> > which I've discussed above.
>
> Most, yes. But the pwn2own hackers, for example, seem to pretty
> routinely get RCE on the major browsers, so I wouldn't bet my data that
> ransomware authors won't as well:
>
> https://www.zerodayinitiative.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results
> https://www.bleepingcomputer.com/news/security/researchers-earn-1-2-million-for-exploits-demoed-at-pwn2own-2021/

Given the amount of money and the publicity these people earn - I'd be
surprised if they did not find anything. Still, it's one (ok, several)
RCE per year, and due to the nature of pwn2own - it's unlikely that such
vulnerabilities are common knowledge before the actual pwn2own event, and
they're patched afterwards.

Reco