Tim: >> One day I noticed, while in the middle of browsing, that the "camera >> is on" LED had lit up, though not noticing *when* it came on. I >> wasn't doing anything nefarious, so somewhere in the midst of a pile >> of ordinary websites I'd browsed through, one of them was a nosey >> parker. stan: > That's sobering. Chances are it comes from content a website includes within itself from an external source. e.g. Advertising. All someone has to do is inject an active malware into the advertising that a plethora of websites incorporate in their pages, and they've got an army of invaders. >> The galling thing is that at no time was I asked to permit it to >> happen, and my browser was set up so that it should. > Yeah, the browser is really my main security risk. I think it is for everyone. It's a huge program full of errors, some of them quite serious. It's your main interface to the world, and you go to all manner of places, most of them unplanned (unless you never use search engines). And you visit places which incorporate content from other places (so even prudent browsing is more of a risk than you might think it is). And a web browser is a two-way mechanism (people really forget that). You've only got to do something like google how to make your printer do some particular task to come up with a plethora of sites that purport to provide that information. These sites haven't written the help information, though, they've just imported some other website's help information, as an enticement to get you to load their nefarious page wrapped up with the their own crap. > I think it is also a manifestation of the convenience versus security > trade-off. Since most people surfing the web care more about > convenience than security, browser market share is determined by that, > and security plays second fiddle. Yes, and as always, when *most* people don't give a damn, everyone *else* suffers. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 (always current details of the computer that I'm writing this email on) Boilerplate: All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I only get to see the messages posted to the mailing list. I reserve the right to treat other people in exactly the same way that they treat me. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx