
List:       kde-community
Subject:    Re: Input on privacy goal
From:       Valorie Zimmerman <valorie.zimmerman () gmail ! com>
Date:       2018-01-21 22:05:52
Message-ID: CACpu027VOmH6wX1GomySAfixo3K0T=zfwVMmTTB5GCWAqbafhw () mail ! gmail ! com

On Fri, Jan 19, 2018 at 12:24 PM, Carsten Pfeiffer <pfeiffer@kde.org> wrote:

> On Friday, 19 January 2018, 15:30:25 CET, Volker Krause wrote:
> 
> Hi,
> 
> > Here are some thoughts on threat models for this, as a possible way to
> > better capture what we want to achieve.
> 
> that's a good start!
> 
> I'd like to add
> 
> 6) Rogue local software
> 
> Assume you run any kind of software not coming from a trusted source (your
> distribution). E.g. you clone a github repo and run the code. That code may
> pull in further untrusted dependencies (maven, node, ...). It should be easy
> to protect your personal data, kwallets, browser history, etc. and local
> network from that code.
> 
> Possible counter-measures: easy and configurable sandboxing
> 
> Thanks
> Carsten
> 


On just this "rogue code" see this enjoyable post:

https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5


Valorie

-- 
http://about.me/valoriez

