On Wednesday 17 June 2015 16:12:24 Timothy Pearson wrote:
On Wed, Jun 17, 2015 at 2:27 PM, Timothy Pearson
kb9vqf@pearsoncomputing.net wrote:
Perhaps we need both "security advisories" and "privacy advisories" these days?
Agreed. I would go so far as to say that a violation of privacy _is_ a violation of security.
Having a package go out and grab something without my permission, or knowledge, is a security hole.
Curt-
I agree in principle, however the current use of the phrase "security advisory" tends to imply that some kind of advanced persistent threat could be installed on the user's machine. From what I understand this is not possible in this case due to NaCl's sandboxing, however it becomes a security risk if any sensitive information is made available to the sandbox (e.g. privileged human to human voice conversations near the computer's microphone).
Yes, I'm nitpicking. :-)
Tim
No you are not Tim, its a real security hole, and one of the reasons I have not had a microphone plugged into any of my machines in several years. If I should buy a new machine, notebook lappy whatever, that had a mic in it, the wire will be cut as soon as I can locate it. And I am a C.E.T....
Cheers, Gene Heskett