Message: previous - next
Month: June 2015

Re: [trinity-users] Fwd: [cryptography] chromium: unconditionally downloads binary blob

From: Gene Heskett <gheskett@...>
Date: Wed, 17 Jun 2015 18:32:44 -0400
On Wednesday 17 June 2015 16:12:24 Timothy Pearson wrote:
> > On Wed, Jun 17, 2015 at 2:27 PM, Timothy Pearson
> >
> > <kb9vqf@...> wrote:
> >> Perhaps
> >> we need both "security advisories" and "privacy advisories" these
> >> days?
> >
> > Agreed. I would go so far as to say that a violation of privacy _is_
> > a violation of security.
> >
> > Having a package go out and grab something without my permission, or
> > knowledge, is a security hole.
> >
> > Curt-
> I agree in principle, however the current use of the phrase "security
> advisory" tends to imply that some kind of advanced persistent threat
> could be installed on the user's machine.  From what I understand this
> is not possible in this case due to NaCl's sandboxing, however it
> becomes a security risk if any sensitive information is made available
> to the sandbox (e.g. privileged human to human voice conversations
> near the computer's microphone).
> Yes, I'm nitpicking. :-)
> Tim

No you are not Tim, its a real security hole, and one of the reasons I 
have not had a microphone plugged into any of my machines in several 
years.  If I should buy a new machine, notebook lappy whatever, that had 
a mic in it, the wire will be cut as soon as I can locate it.  And I am 
a C.E.T....

Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <>