trinity-users@lists.pearsoncomputing.net

Message: previous - next
Month: June 2015

Re: [trinity-users] Fwd: [cryptography] chromium: unconditionally downloads binary blob

From: "Timothy Pearson" <kb9vqf@...>
Date: Wed, 17 Jun 2015 15:12:24 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA224

> On Wed, Jun 17, 2015 at 2:27 PM, Timothy Pearson
> <kb9vqf@...> wrote:
>> Perhaps
>> we need both "security advisories" and "privacy advisories" these days?
>
> Agreed. I would go so far as to say that a violation of privacy _is_ a
> violation of security.
>
> Having a package go out and grab something without my permission, or
> knowledge, is a security hole.
>
> Curt-

I agree in principle, however the current use of the phrase "security
advisory" tends to imply that some kind of advanced persistent threat
could be installed on the user's machine.  From what I understand this is
not possible in this case due to NaCl's sandboxing, however it becomes a
security risk if any sensitive information is made available to the
sandbox (e.g. privileged human to human voice conversations near the
computer's microphone).

Yes, I'm nitpicking. :-)

Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iFYEARELAAYFAlWB1KgACgkQLaxZSoRZrGEhRQDdEclOJI27JEwWnrKVuog6Sr3Z
Hm9VtOWxAY+8PgDfbS24BHgCgtTIiiY1YrjRYQ0SGeEzoJkg3+Y4sw==
=XhXK
-----END PGP SIGNATURE-----