Re: Thanks, everyone, for your comments Re: CIA Outlaw Country attack against CentOS / Rhel (and Fedora?) Is this credible?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tim: 
>> One day I noticed, while in the middle of browsing, that the "camera
>> is on" LED had lit up, though not noticing *when* it came on.  I
>> wasn't doing anything nefarious, so somewhere in the midst of a pile
>> of ordinary websites I'd browsed through, one of them was a nosey
>> parker.

stan:
> That's sobering.

Chances are it comes from content a website includes within itself from
an external source.  e.g. Advertising.  All someone has to do is inject
an active malware into the advertising that a plethora of websites
incorporate in their pages, and they've got an army of invaders.

>> The galling thing is that at no time was I asked to permit it to
>> happen, and my browser was set up so that it should.

> Yeah, the browser is really my main security risk.

I think it is for everyone.  It's a huge program full of errors, some of
them quite serious.  It's your main interface to the world, and you go
to all manner of places, most of them unplanned (unless you never use
search engines).  And you visit places which incorporate content from
other places (so even prudent browsing is more of a risk than you might
think it is).  And a web browser is a two-way mechanism (people really
forget that).

You've only got to do something like google how to make your printer do
some particular task to come up with a plethora of sites that purport to
provide that information.  These sites haven't written the help
information, though, they've just imported some other website's help
information, as an enticement to get you to load their nefarious page
wrapped up with the their own crap.

> I think it is also a manifestation of the convenience versus security
> trade-off.  Since most people surfing the web care more about
> convenience than security, browser market share is determined by that,
> and security plays second fiddle.

Yes, and as always, when *most* people don't give a damn, everyone
*else* suffers.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 
(always current details of the computer that I'm writing this email on)

Boilerplate:  All mail to my mailbox is automatically deleted, there is
no point trying to privately email me, I only get to see the messages
posted to the mailing list.

I reserve the right to treat other people in exactly the same way that
they treat me.


_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux