On Fri, June 12, 2015 3:20 pm, John R Pierce wrote:> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >> But the bottom line is the same: in both cases you are executing >> somebody's else code on your computer. > > > your computer is *ALWAYS* executing someone elses code, unless you wrote > every line of code in it, including the BIOS and the firmware of all the > attached devices. >Indeed. What was never mentioned in this thread is a chain of trust. The level of trust to what you get from your system vendor, software vendors (be they open source or proprietary) may be quite different from the level of trust to what you get when clicking on some web link inside some search page, or on some website (even if you visit the website often). So, it is all about whom and what do you trust, and to what level can you afford to trust, and whether you are able to track the software code to the code origin. This all was what I implied when I said that short phrase which may look ridiculously if taken literally - exactly as you pointed out -, but may make sense if you take into account the chains of trust involved. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 06/12/2015 02:32 PM, Valeri Galtsev wrote:> On Fri, June 12, 2015 3:20 pm, John R Pierce wrote: >> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >>> But the bottom line is the same: in both cases you are executing >>> somebody's else code on your computer. >> >> your computer is *ALWAYS* executing someone elses code, unless you wrote >> every line of code in it, including the BIOS and the firmware of all the >> attached devices. >> > Indeed. What was never mentioned in this thread is a chain of trust. The > level of trust to what you get from your system vendor, software vendors > (be they open source or proprietary) may be quite different from the level > of trust to what you get when clicking on some web link inside some search > page, or on some website (even if you visit the website often). > > So, it is all about whom and what do you trust, and to what level can you > afford to trust, and whether you are able to track the software code to > the code origin. > > This all was what I implied when I said that short phrase which may look > ridiculously if taken literally - exactly as you pointed out -, but may > make sense if you take into account the chains of trust involved. > > Valeri >The more you know, the less you trust :) :) Read the article: http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
On Fri, June 12, 2015 3:54 pm, jd1008 wrote:> > > On 06/12/2015 02:32 PM, Valeri Galtsev wrote: >> On Fri, June 12, 2015 3:20 pm, John R Pierce wrote: >>> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >>>> But the bottom line is the same: in both cases you are executing >>>> somebody's else code on your computer. >>> >>> your computer is *ALWAYS* executing someone elses code, unless you >>> wrote >>> every line of code in it, including the BIOS and the firmware of all >>> the >>> attached devices. >>> >> Indeed. What was never mentioned in this thread is a chain of trust. The >> level of trust to what you get from your system vendor, software vendors >> (be they open source or proprietary) may be quite different from the >> level >> of trust to what you get when clicking on some web link inside some >> search >> page, or on some website (even if you visit the website often). >> >> So, it is all about whom and what do you trust, and to what level can >> you >> afford to trust, and whether you are able to track the software code to >> the code origin. >> >> This all was what I implied when I said that short phrase which may look >> ridiculously if taken literally - exactly as you pointed out -, but may >> make sense if you take into account the chains of trust involved. >> >> Valeri >> > The more you know, the less you trust :) :) > Read the article: > http://www.kaspersky.comPlease, don't advertize Kaspersky here, especially when we are talking about trust. He is KGB guy (is, not was; the only way they retire from KGB, CIA, MI-5, and others is dead, feet first dead). Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Fri, 2015-06-12 at 14:54 -0600, jd1008 wrote:> The more you know, the less you trust :) :) > Read the article: > http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionageSeems their concerns relate to Micro$oft Windoze systems. Luckily I use superior Centos :-) -- Regards, Paul. England, EU. England's place is in the European Union.
On 06/13/2015 08:54 AM, jd1008 wrote:> > > The more you know, the less you trust :) :) > Read the article: > http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage > >Got love a page that asserts dozens of alarming things with no examples, references or links to further reading, on top of that my understanding is that the principals of this domain are (ex) KGB agents. Incendiary writing designed to create fear and angst.> _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos