|
|
Posted by John Williamson on 05/23/07 13:49
Jan Panteltje wrote:
>> As`it's open source, you are at liberty to inspect the source code to
>> see what it does or get a competent programmer to inspect it for you &
>> rewrite the offending part.
>
> Yes I can actually do that, even had the source of Mozilla ar one time,
> any idea how big those sources are??????
>
Too big for casual inspection, I know. I'm also not a programmer to any
extent more than I need for the odd SQL query or small BASIC program to
do a trivial job that ICBA doing by hand.
> Now I have some experience working through big sources, and it is very very tricky
> to be 100% sure you did not overlook something, I'd say there is no 100% guarantee,
> even if you have a team working at it.
>
There never is. A lot of software has stuff in it that isn't noticed for
ages, until someone spills the beans. It's always been the same, IME.
Heck, Excel had a flight simulator "hidden" in the code until at least
the 97 version:-)
I'm not sure if it's been removed even now.
I would expect though, if what you're suggesting has happened anywhere,
someone would have passed the information on.
>> As it's released under the GPL, you can then
>> distribute your version under the same licence.
>
> I started writing a web browser, in fact part of this news reader (NewsFleX see header I wrote it),
> but gave up as it was a moving target and a lot of duplicate work.
> There is lynx too....
>
Open source is a good idea if you're willing to make the effort. I find
most of it unreliable & with a poor user interface.
I can't try NewsFlex, as I don't run Linux, unless you've ported it to
'Doze.
>
>> I would think if there was any sinister purpose, we would have found out.
>
> See my remark above.
> It _is_ sinister as they pose as google, I even typed http://72.14.253.93/ in the browser
> and up came google search English although I am in .nl.
> of course now nothing comes up with the firewall :-)
>
Your headers say your news server is in Germany;-)
The IP address is one assigned to a particular machine in the Google
server farm, AFAICT. There's likely a different address that comes up
with a Dutch or German interface, or whatever language you want to use.
>
>> The default cache for Firefox holds 20 entries, by the way, & I set
>> Firefox & all other browsers to clear the URL cache on exit. The URLs on
>> the list I have here are from before I enabled this setting.
>>
>> This link came up while I was checking:-
>>
>> http://forums.mozillazine.org/viewtopic.php?t=550544&sid=62695685c30bf7ea6f93e6125f59b57c
>>
>> They're not worried.
>
> But I am:
>
Obviously.
> quote:
> # Phishing Protection is enabled?
>
> When Phishing Protection is used in default mode, no information about the
> -----------------------------------**************------------------------
> # sites you visit is sent to Mozilla or anti-phishing partners. Rather,
> # sites are checked against a local list that is downloaded to your computer
> # and updated on a regular basis. When sites are checked against online
> # anti-phishing services such as Google, the address of each web site you
> # visit is sent to the online service over a secure SSL connection. H
>
> end quote
>
> I have underlined something here, this already proves the mechanism is there
> to DO SEND the sites you visit.
> Now all we need is the secret command they need send to dump that data.
> Yes I have run snort (snort is a packet sniffer) but really have more fun things to do,
> firewall is much more effective.
> To be short: I want it to ask for permission to update (else it is illegal anyways),
> I want it off by default, I want them TO WORK UNDER THE COMPANY NAME THEY REALLY ARE.
> In fact I want it gone.
> Google, to me, although extremely useful, lends its name to all sorts of undercover
> operations it seems, some time ago I found some other search engine also using google address
> space IIRC.
>
It's there if you set it to be used. It's a radio button on the settings
page. If you set it not to check each site individually, it logs on
every so often, downloads a list of addresses, & should log off. That's
what's claimed.
The list it downloads is held on a Google server.
It can be disabled as well. I suspect it is set to run by default as
most users aren't aware enough of what their system is doing to spot a
spoof site.
How many users check for the padlock symbol in the notification area
when they log on to a secure site?
>
>> To be totally safe, though, just click the work offline item in the file
>> menu when you're not actually using the connection.
>
> mm
> I have now about 390 IP address (some of them all 256 at the time) in the firewall.
> Each and everyone of these did either an attack on my server, not respect robots.txt,
> or some undercover false flag operation without asking.
> How safe my system is.
> probably every security agency in the world reads what I type:_)
> LOL I have no illusions....
> Possibly more secure is when I pull the DSL plug :-)
>
The only truly secure computer is one that's not connected to a network,
& even then, data can be pulled off if someone has physical access to
the hardware.
By the way, the only traffic hitting me at the moment other than local
network stuff or stuff replying on deliberately open ports to stuff
originating here is from my ISP on port 1900 every 10 minutes or so.
That's blocked under firewall rules. (Not from here, so kill it). There
may be other stuff being blocked by the NAT in the router.
I'm not running a server, though, just a workstation
>> The server it connects to from here is, according to my firewall's
>> connection back tracing facility, at an IP address owned by Google &
>> physically located on one of their sites. The connection goes through
>> about 10 links. The really paranoid among us would worry about this
>> record being faked or a packet sniffer being installed at one of these
>> locations.
>
>
>> Alternatively, use IE & put up with what Billy boy does.
>
> Never, especially after saying Linux violates patents.
> Well let him reveal source, and let look at all the code they stole.
>
I don't like his stuff for other reasons. Unfortunately, some of the
hardware I need to use won't work under Linux.
I suspect it's an urban legend, but I've heard that the last code he
wrote himself was the 4K BASIC in DOS 2.11. I'll go no further into what
I've heard her, even though it's published stuff.
>> Or go to the dark side & use a Mac with Safari;-)
>
> Jobs _is_ a good sales person, but why pay 2x?
>
That's why I don't use iPods & other Apple goodies.
Tciao for Now!
John.
Navigation:
[Reply to this message]
|