Mailinglist Archive: opensuse (2225 mails)
| < Previous | Next > |
Re: [opensuse] Scary enough for Halloween...
- From: Richard Creighton <ricreig@xxxxxxxxx>
- Date: Thu, 5 Nov 2009 01:01:36 -0500
- Message-id: <200911050101.37285.ricreig@xxxxxxxxx>
On Wednesday 04 November 2009 11:24:12 pm Basil Chupin wrote:
hacked. With Flash, the illicit data is exchanged in the course of an
otherwise valid communication which no firewall could possibly trap because it
is to/from a legitimate destination and port and protocol.
note to Rajko;
My ISP and I have a legally binding contract regarding what they can and
cannot do with the knowledge they gain about me because of the information I
supply them as a customer, such as name, address, financial information (in
the form of a credit card debit authorization), etc. If they violate that,
they are subject to a lawsuit which *could* make me more wealthy than the
exposure I tolerate by being a customer of that ISP. They have a duty, legal
and moral, to protect any data they may have/collect from/about me as a result
of my being a customer.
Hackers obtaining the same or similar information through worms, trojans,
viruses, phishing scams, keystroke capturing or whatever, do not have the same
contract and have no right to the information I supply to my ISP as a
customer.
BTW, it isn't just PRIVACY at issue here, it is the fact that these 'flookies'
can hold entire programs that can overcome the protection of the OS against
hacker activities. If I can change permissions via software, if I can read
and transmit the contents of a file via software, then malicious software can
do the same *without* my knowledge or permission. Flash has been hacked and
can and does have the ability to execute malicious code not written or
endorsed by Adobe, but because the base software is closed source, it is
nearly impossible for a user to detect the alterations made by hackers. Adobe
has admitted to 'bugs' in their software that require patches to prevent such
hacking. When and if they provide the patches, great and more power to them,
but what about the bugs they haven't patched?
With open-source, there are literally thousands of people that enjoy analyzing
the code of various programs in order to find bugs and exploitable code.
When the open-source community finds such things, it is often just hours
before the entire world has at its' disposal, a patched version for download.
No waiting for a vendor to weigh the cost of bad publicity, lawsuits or
whatever by admitting the error and then offering a fix, often in the form of
a 'new version' which incidentally, costs an upgrade fee.
Thank you....you've helped me make the point and increase my resolve to use
open-source software exclusively, if at all possible, and if not, to find
other ways to do a similar and acceptable job that does use open-source.
That article is precisely what I was talking about....not that Adobe, per se,
is a villain but that closed source software is often hacked by malicious
hacker types and when that happens, there is little or no recourse the end
user has to detect and combat it. With Open-Source software, one has a much
better chance to detect and combat such hacks. Why is Windows the #1 worst
offender and the most leaky, insecure piece of software it is? Closed
source. Why is LInux by comparison relatively solid and secure and hard to
infest with hacks? Open-Source. Now, I happen to think Adobe Flash does a
great job at what it is supposed to do. What I am afraid of is when it is
doing something I don't want it to do. Its' very nature, coupled with the
fact that it is closed-source, makes hacks that invade the privacy, such as it
is, difficult to detect and correct. That is why I keep asking for an open-
source alternative.
I don't have a problem with PAYING for good software, even open-source
software. I realize that the software itself isn't a big money maker
especially if it is open-source, but Red-Hat, Novell and others have certainly
found that it is possible to give the software away, but sell the service.
Give the razor (apps) away, charge for the blades (service)...
Richard
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
On 04/11/09 21:47, Rajko M. wrote:In order to make use of Ethereal or such, one needs to know they are being
On Tuesday 03 November 2009 14:32:40 Richard wrote:
...
When I find such animals, using OPEN SOURCE, at least I can have a
fighting chance at being able to track down what, who, and why if I have
any questions.
And what prevents you to run network monitoring tools, track down
Internet usage of every application on your computer, and setup firewall
to prevent connection to offending sites?
The type of binaries doesn't make a difference, open, close, whatever
source.
hacked. With Flash, the illicit data is exchanged in the course of an
otherwise valid communication which no firewall could possibly trap because it
is to/from a legitimate destination and port and protocol.
If you accessing Internet you have no privacy.
You shoot barrage on Flash violating your privacy, forgetting that your
ISP has much more data about your Internet habits than any advertising
company can ever imagine to collect using browser cookies and/or Flash.
What you going to do about that?
note to Rajko;
My ISP and I have a legally binding contract regarding what they can and
cannot do with the knowledge they gain about me because of the information I
supply them as a customer, such as name, address, financial information (in
the form of a credit card debit authorization), etc. If they violate that,
they are subject to a lawsuit which *could* make me more wealthy than the
exposure I tolerate by being a customer of that ISP. They have a duty, legal
and moral, to protect any data they may have/collect from/about me as a result
of my being a customer.
Hackers obtaining the same or similar information through worms, trojans,
viruses, phishing scams, keystroke capturing or whatever, do not have the same
contract and have no right to the information I supply to my ISP as a
customer.
BTW, it isn't just PRIVACY at issue here, it is the fact that these 'flookies'
can hold entire programs that can overcome the protection of the OS against
hacker activities. If I can change permissions via software, if I can read
and transmit the contents of a file via software, then malicious software can
do the same *without* my knowledge or permission. Flash has been hacked and
can and does have the ability to execute malicious code not written or
endorsed by Adobe, but because the base software is closed source, it is
nearly impossible for a user to detect the alterations made by hackers. Adobe
has admitted to 'bugs' in their software that require patches to prevent such
hacking. When and if they provide the patches, great and more power to them,
but what about the bugs they haven't patched?
With open-source, there are literally thousands of people that enjoy analyzing
the code of various programs in order to find bugs and exploitable code.
When the open-source community finds such things, it is often just hours
before the entire world has at its' disposal, a patched version for download.
No waiting for a vendor to weigh the cost of bad publicity, lawsuits or
whatever by admitting the error and then offering a fix, often in the form of
a 'new version' which incidentally, costs an upgrade fee.
Basil,
I know that this more appropriately belongs in offtopic but seeing as
how the Adobe Flash problem was mentioned by the OP in this thread I
thought it appropriate to post this:
Adobe patches critical bugs in Shockwave Player
Full story here:
http://www.infoworld.com/d/applications/adobe-patches-critical-bugs-in-shoc
kwave-player-892?source=rss_infoworld_news
BC
Thank you....you've helped me make the point and increase my resolve to use
open-source software exclusively, if at all possible, and if not, to find
other ways to do a similar and acceptable job that does use open-source.
That article is precisely what I was talking about....not that Adobe, per se,
is a villain but that closed source software is often hacked by malicious
hacker types and when that happens, there is little or no recourse the end
user has to detect and combat it. With Open-Source software, one has a much
better chance to detect and combat such hacks. Why is Windows the #1 worst
offender and the most leaky, insecure piece of software it is? Closed
source. Why is LInux by comparison relatively solid and secure and hard to
infest with hacks? Open-Source. Now, I happen to think Adobe Flash does a
great job at what it is supposed to do. What I am afraid of is when it is
doing something I don't want it to do. Its' very nature, coupled with the
fact that it is closed-source, makes hacks that invade the privacy, such as it
is, difficult to detect and correct. That is why I keep asking for an open-
source alternative.
I don't have a problem with PAYING for good software, even open-source
software. I realize that the software itself isn't a big money maker
especially if it is open-source, but Red-Hat, Novell and others have certainly
found that it is possible to give the software away, but sell the service.
Give the razor (apps) away, charge for the blades (service)...
Richard
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |