On 11/29/2011 10:59 AM, drago01 wrote:
2011/11/29 "Jóhann B.
Guðmundsson"<johannbg(a)gmail.com>:
> On 11/29/2011 01:19 AM, Peter Robinson wrote:
>> 2011/11/29 "Jóhann B. Guðmundsson"<johannbg(a)gmail.com>:
<snip>
> Good that CVE-2011-4129 is fixed however I still would like to
> disable/remove this all together since I have no interest at all having
> my desktop making arbitrary connections and feeding social network sites
> what I am doing on the computer behind my back.
It does not do that.
Well apparently this one did as in that gave Twitter information on
every successful Fedora 16 user login to gnome shell in default
installation initiating unasked and silent transaction with twitter
without the user consent and no obvious way to disable it, done over an
non verified ssl connection leaving it vulnerable to mitm attack as
Henrik mentions on the CVE.
So whether it did or did not is irrelevant since the risk of application
leaking private information such as you contacts list phone numbers,
email addresses chat contacts or as little as to simply if you are
logged then ofcourse at the same time your location etc. to online
social networking sites for harvesting and further user profiling or to
some unknown location that has hijacked your connection is at hand.
For you that might not matter but to my clients,my family and my friends
it does thus again how can I disable/remove "libsocialweb-core" so I can
reduce the risk/prevent applications from "accidentally" doing that?
But given that nobody seems to be able to answer the question on how to
disable/remove it which indicates that the ability to do that does not
exist, does upstream Gnome keep an list of application that are using
"libsocialweb-core" so relevant application can be replaced and
recommended with alternatives that do not use "libsocialweb-core" to
better maintain their desktop privacy?
Seriously are we heading the way with Gnome that the Fedora users now
have to grant "Permissions" similar to [1] with each Fedora "Default"
installation for the applications that come with it...
Regards
JBG
1.
As can be seen on permission page for the facebook android application
page the all so popular social networking site which I assume majority
if it's user base blindly accepts and installs simply cause it does not
know better...
https://market.android.com/details?id=com.facebook.katana&feature=sea...