[CentOS] C5 : Firefox 38 bug

Fri Jun 12 22:05:38 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, June 12, 2015 4:16 pm, jd1008 wrote:
> On 06/12/2015 03:05 PM, Valeri Galtsev wrote:
>> On Fri, June 12, 2015 3:54 pm, jd1008 wrote:
>>> On 06/12/2015 02:32 PM, Valeri Galtsev wrote:
>>>> On Fri, June 12, 2015 3:20 pm, John R Pierce wrote:
>>>>> On 6/12/2015 1:03 PM, Valeri Galtsev wrote:
>>>>>> But the bottom line is the same: in both cases you are executing
>>>>>> somebody's else code on your computer.
>>>>> your computer is *ALWAYS* executing someone elses code, unless you
>>>>> wrote
>>>>> every line of code in it, including the BIOS and the firmware of all
>>>>> the
>>>>> attached devices.
>>>> Indeed. What was never mentioned in this thread is a chain of trust.
>>>> The
>>>> level of trust to what you get from your system vendor, software
>>>> vendors
>>>> (be they open source or proprietary) may be quite different from the
>>>> level
>>>> of trust to what you get when clicking on some web link inside some
>>>> search
>>>> page, or on some website (even if you visit the website often).
>>>> So, it is all about whom and what do you trust, and to what level can
>>>> you
>>>> afford to trust, and whether you are able to track the software code
>>>> to
>>>> the code origin.
>>>> This all was what I implied when I said that short phrase which may
>>>> look
>>>> ridiculously if taken literally - exactly as you pointed out -, but
>>>> may
>>>> make sense if you take into account the chains of trust involved.
>>>> Valeri
>>> The more you know, the less you trust :) :)
>>> Read the article:
>>> http://www.kaspersky.com
>> Please, don't advertize Kaspersky here, especially when we are talking
>> about trust. He is KGB guy (is, not was; the only way they retire from
>> KGB, CIA, MI-5, and others is dead, feet first dead).
>> Valeri
> I am not advertising, so please do not accuse anyone of this!
> Just citing evidence that infiltration of spyware and malware
> is far more sophisticated than anyone knew.

Sorry if it sounded like that: didn't mean it to sound like accusation...
I'm not native English speaker, you know ;-)


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247