17 Jun
2015
17 Jun
'15
10:32 p.m.
On Wednesday 17 June 2015 16:12:24 Timothy Pearson wrote:
No you are not Tim, its a real security hole, and one of the reasons I
have not had a microphone plugged into any of my machines in several
years. If I should buy a new machine, notebook lappy whatever, that had
a mic in it, the wire will be cut as soon as I can locate it. And I am
a C.E.T....
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
On Wed, Jun
17, 2015 at 2:27 PM, Timothy Pearson
<kb9vqf(a)pearsoncomputing.net> wrote:
I agree in principle, however the current use of the phrase "security
advisory" tends to imply that some kind of advanced persistent threat
could be installed on the user's machine. From what I understand this
is not possible in this case due to NaCl's sandboxing, however it
becomes a security risk if any sensitive information is made available
to the sandbox (e.g. privileged human to human voice conversations
near the computer's microphone).
Yes, I'm nitpicking. :-)
Tim Perhaps
we need both "security advisories" and "privacy advisories" these
days?
Agreed. I would go so far as to say that a violation of privacy _is_
a violation of security.
Having a package go out and grab something without my permission, or
knowledge, is a security hole.
Curt-