On Fri, June 12, 2015 3:54 pm, jd1008 wrote:> > > On 06/12/2015 02:32 PM, Valeri Galtsev wrote: >> On Fri, June 12, 2015 3:20 pm, John R Pierce wrote: >>> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >>>> But the bottom line is the same: in both cases you are executing >>>> somebody's else code on your computer. >>> >>> your computer is *ALWAYS* executing someone elses code, unless you >>> wrote >>> every line of code in it, including the BIOS and the firmware of all >>> the >>> attached devices. >>> >> Indeed. What was never mentioned in this thread is a chain of trust. The >> level of trust to what you get from your system vendor, software vendors >> (be they open source or proprietary) may be quite different from the >> level >> of trust to what you get when clicking on some web link inside some >> search >> page, or on some website (even if you visit the website often). >> >> So, it is all about whom and what do you trust, and to what level can >> you >> afford to trust, and whether you are able to track the software code to >> the code origin. >> >> This all was what I implied when I said that short phrase which may look >> ridiculously if taken literally - exactly as you pointed out -, but may >> make sense if you take into account the chains of trust involved. >> >> Valeri >> > The more you know, the less you trust :) :) > Read the article: > http://www.kaspersky.comPlease, don't advertize Kaspersky here, especially when we are talking about trust. He is KGB guy (is, not was; the only way they retire from KGB, CIA, MI-5, and others is dead, feet first dead). Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 06/12/2015 03:05 PM, Valeri Galtsev wrote:> On Fri, June 12, 2015 3:54 pm, jd1008 wrote: >> >> On 06/12/2015 02:32 PM, Valeri Galtsev wrote: >>> On Fri, June 12, 2015 3:20 pm, John R Pierce wrote: >>>> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >>>>> But the bottom line is the same: in both cases you are executing >>>>> somebody's else code on your computer. >>>> your computer is *ALWAYS* executing someone elses code, unless you >>>> wrote >>>> every line of code in it, including the BIOS and the firmware of all >>>> the >>>> attached devices. >>>> >>> Indeed. What was never mentioned in this thread is a chain of trust. The >>> level of trust to what you get from your system vendor, software vendors >>> (be they open source or proprietary) may be quite different from the >>> level >>> of trust to what you get when clicking on some web link inside some >>> search >>> page, or on some website (even if you visit the website often). >>> >>> So, it is all about whom and what do you trust, and to what level can >>> you >>> afford to trust, and whether you are able to track the software code to >>> the code origin. >>> >>> This all was what I implied when I said that short phrase which may look >>> ridiculously if taken literally - exactly as you pointed out -, but may >>> make sense if you take into account the chains of trust involved. >>> >>> Valeri >>> >> The more you know, the less you trust :) :) >> Read the article: >> http://www.kaspersky.com > Please, don't advertize Kaspersky here, especially when we are talking > about trust. He is KGB guy (is, not was; the only way they retire from > KGB, CIA, MI-5, and others is dead, feet first dead). > > ValeriI am not advertising, so please do not accuse anyone of this! Just citing evidence that infiltration of spyware and malware is far more sophisticated than anyone knew.
On Fri, June 12, 2015 4:16 pm, jd1008 wrote:> > > On 06/12/2015 03:05 PM, Valeri Galtsev wrote: >> On Fri, June 12, 2015 3:54 pm, jd1008 wrote: >>> >>> On 06/12/2015 02:32 PM, Valeri Galtsev wrote: >>>> On Fri, June 12, 2015 3:20 pm, John R Pierce wrote: >>>>> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >>>>>> But the bottom line is the same: in both cases you are executing >>>>>> somebody's else code on your computer. >>>>> your computer is *ALWAYS* executing someone elses code, unless you >>>>> wrote >>>>> every line of code in it, including the BIOS and the firmware of all >>>>> the >>>>> attached devices. >>>>> >>>> Indeed. What was never mentioned in this thread is a chain of trust. >>>> The >>>> level of trust to what you get from your system vendor, software >>>> vendors >>>> (be they open source or proprietary) may be quite different from the >>>> level >>>> of trust to what you get when clicking on some web link inside some >>>> search >>>> page, or on some website (even if you visit the website often). >>>> >>>> So, it is all about whom and what do you trust, and to what level can >>>> you >>>> afford to trust, and whether you are able to track the software code >>>> to >>>> the code origin. >>>> >>>> This all was what I implied when I said that short phrase which may >>>> look >>>> ridiculously if taken literally - exactly as you pointed out -, but >>>> may >>>> make sense if you take into account the chains of trust involved. >>>> >>>> Valeri >>>> >>> The more you know, the less you trust :) :) >>> Read the article: >>> http://www.kaspersky.com >> Please, don't advertize Kaspersky here, especially when we are talking >> about trust. He is KGB guy (is, not was; the only way they retire from >> KGB, CIA, MI-5, and others is dead, feet first dead). >> >> Valeri > I am not advertising, so please do not accuse anyone of this! > Just citing evidence that infiltration of spyware and malware > is far more sophisticated than anyone knew.Sorry if it sounded like that: didn't mean it to sound like accusation... I'm not native English speaker, you know ;-) Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++