Discussion in 'other security issues & news' started by axial, Aug 26, 2008.
This sounds encouraging.
Thanks, axial! Works as advertised. Another great add-on for FF 3.0 and above:
Perspectives : Mozilla Firefox 3 Extension.
I read this before on softpedia and installed the addon.
But what if the Perspectives FF addon was really written by student criminal hackers and is a nasty script that points your browser to criminal websites that then obtain your personal details?
I just love Open source. Don't you?
Have been trialing Perspectives for a couple of weeks.
From what I have learned it definitely has potential.
I feel good when people are so optimistic!
For the record, the program was written by the Carnegie Mellon's School of Computer Science, developed by David Andersen (Assistant Professor of Computer Science), Adrian Perrig (Associate Professor of Electrical and Computer Engineering) and Dan Wendlandt (a Ph.D. student in computer science).
As I pointed out to truthseeker on another thread, if these 3 individuals are possible hackers, risking the reputation of a world renown institution such as Carnegie Mellon, then we all better disconnect from the Internet right now because we won't be able to trust anyone in this world.
Opensource doesn't do me and millions of others any good. Reason is because I and millions of others cannot read or understand the source code.
The source code doesn't make sense to me, as I am not a qualified or experience programmer.
Are you? have you read every single line of code and understood every function and command?
Seeing I cannot read or understand the source code, how can I be 100% certain it doesn't contain any bad code that will do me harm? If I then ask someone who knows to read the source code, how can I trust that person, because I don't know anyone personally who understands source code.
If a human being is approached by large criminal organisations and offered a large amount of money, humans will risk everything.
Just because someone works for a well known or reputable place, doesn't mean anything. History has shown that even in some of the biggest and well known and reputable companies and organisations, a person has committed crimes and ripped of the public and its shareholders.
You are dealing with humans here my friend, don't underestimate the lenghts some people will go to make money, it's called greed.
A world renown institution such as Carnegie Mellon is never immune from having people work in it that could commit law breaking acts such as writing a piece of software that will redirect a person to a criminal website that looks like the banks website.
Don't so be so naive and gullible. Must be cautious of everyone, no matter where they work.
Lol, I feel like I'm looking at a mirror image of myself when I read this post. I don't mean that offensively because I more or less believe the same way, but there's a big ol' however that needs to be inserted here so as to keep this fair. That big ol' however is this: Open source is very much "open" to malicious coding, tricks and whatnot, BUT, one of the purposes of open source is that everyone who CAN understand the coding can freely pour over it to check for maliciousness, poor code, or just plain flawed code. Unlike closed source where nobody but the developers have any clue what's in there and all we can do is hope everything checks out ok.
The one roadblock to this openess though is that unless it's a widely used open source program, there's a chance not enough people or the right people have checked the coding out so malicious programs can slip under the radar. Have no doubt, there are disadvantages and advantages to open source. Just as with every other program, it all boils down to the integrity of the developer and the care and time he/she puts into their creations.
FFS lets not go down the path of the other thread with a 'discussion' on trust and actually talk about this new addon.
Whose servers will it use to do the other checks?
According to: Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing PDF, CM is using a RON/IRIS Testbed composed of machines scattered around the Internet. Here's their RON Machine Information and it looks to be around 50 servers, many in university settings.
Yes, your post made a lot of sense. And that is my point.. at the end of the day, unless I am qualified and educated in reading and understanding the source code, I have no 100% way of knowing what it does.
For me to be sure, I would need to be able to read and understand the source code and then compile it myself.
P.S You looking good in that mirror my friend
I agree, that's why I strongly suggest researching any new/lesser known application before letting it loose on your system. A place like Sourceforge can be an Open Source dreamland, but take care that there aren't any monsters lurking in any closets or under the beds. I always try to look my best hehe.
On that note, could the same argument be made against packages that are installed on Linux? Or even Linux distros themselves?
This looks like a promising FF extension. Good to see the open source community keeping up with the threats out there.
Separate names with a comma.