I don't understand the "troll" stuff.. Can you explain, please? Thanks! On Jan 21, 2014 11:11 PM, "Paul Ferguson" <fergdawgs...@mykolab.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 1/21/2014 8:52 PM, Andrés Leopoldo Pacheco Sanfuentes wrote: > > > What is the "value proposition" of changing email client from > > Gmail? > > > > Please don't feed the troll. > > Thank you. > > - - ferg > > > > > On Jan 21, 2014 10:24 PM, "Tony Arcieri" <basc...@gmail.com > > <mailto:basc...@gmail.com>> wrote: > > > > On Tue, Jan 21, 2014 at 6:53 PM, Fabio Pietrosanti (naif) > > <li...@infosecurity.ch <mailto:li...@infosecurity.ch>> wrote: > > > > I just would like to argue that the delivery (download, > > installation, upgrade) of an Chrome App is far more secure than an > > native application with an executable installer, due to the trust > > model of application store and the reduced risks of being > > hijacked/infected during the download. > > > > > > Yes and no. > > > > It's true that Chrome extensions distributed through Google's > > walled garden are more secure than typing an address into your URL > > bar. > > > > It's true that native applications have wide-ranging capabilities > > that browser extensions don't. > > > > But it's important to keep in mind that browser extensions are > > fraught with their own problems, and that browsers are complex > > beasts with even more complex potential interactions between > > components, the possibilities of which are extremely hard to > > understand, even by the browser authors themselves. > > > > Where browser extensions can fall down is unexpected interactions > > with web pages and JavaScript running on them. This is a problem > > that native apps don't have because the browser is attempting to > > act as a sandbox, so escalating privilege from a JavaScript to > > access to native code execution is much more difficult than > > escalating privileges to interact with browser extensions > > unexpectedly. In this regard, native apps are superior, because the > > browser is trying to prevent that interaction from happening. > > Native apps are "airgapped" from web pages in a way browser > > extensions are not. > > > > This is a good talk on the matter, specifically in regard to > > Chrome: > > > > > http://www.slideshare.net/kkotowicz/im-in-ur-browser-pwning-your-stuff-attacking-with-google-chrome-extensions > > > > Don't get me wrong, things are getting better, but we're not > > completely there yet. > > > > -- Tony Arcieri > > > > > > - -- > Paul Ferguson > PGP Public Key ID: 0x54DC85B2 > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (MingW32) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iF4EAREIAAYFAlLfUwsACgkQKJasdVTchbKpwQD5ARHMTMUwUnt3r3FeeCWvzzB1 > W+jWmAk/pIvZPOltOf8BAMAiTOu8wbzawNSP8I+svj+TlrlEM13FNJ2ALRamFGqB > =5BXU > -----END PGP SIGNATURE----- > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > compa...@stanford.edu. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
