On 11/29/2011 10:59 AM, drago01 wrote:
2011/11/29 "Jóhann B. Guðmundsson"johannbg@gmail.com:
On 11/29/2011 01:19 AM, Peter Robinson wrote:
2011/11/29 "Jóhann B. Guðmundsson"johannbg@gmail.com:
<snip>
Good that CVE-2011-4129 is fixed however I still would like to disable/remove this all together since I have no interest at all having my desktop making arbitrary connections and feeding social network sites what I am doing on the computer behind my back.
It does not do that.
Well apparently this one did as in that gave Twitter information on every successful Fedora 16 user login to gnome shell in default installation initiating unasked and silent transaction with twitter without the user consent and no obvious way to disable it, done over an non verified ssl connection leaving it vulnerable to mitm attack as Henrik mentions on the CVE.
So whether it did or did not is irrelevant since the risk of application leaking private information such as you contacts list phone numbers, email addresses chat contacts or as little as to simply if you are logged then ofcourse at the same time your location etc. to online social networking sites for harvesting and further user profiling or to some unknown location that has hijacked your connection is at hand.
For you that might not matter but to my clients,my family and my friends it does thus again how can I disable/remove "libsocialweb-core" so I can reduce the risk/prevent applications from "accidentally" doing that?
But given that nobody seems to be able to answer the question on how to disable/remove it which indicates that the ability to do that does not exist, does upstream Gnome keep an list of application that are using "libsocialweb-core" so relevant application can be replaced and recommended with alternatives that do not use "libsocialweb-core" to better maintain their desktop privacy?
Seriously are we heading the way with Gnome that the Fedora users now have to grant "Permissions" similar to [1] with each Fedora "Default" installation for the applications that come with it...
Regards JBG
1.
As can be seen on permission page for the facebook android application page the all so popular social networking site which I assume majority if it's user base blindly accepts and installs simply cause it does not know better...
https://market.android.com/details?id=com.facebook.katana&feature=search...