| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <etPan.54fb89ee.62bbd95a.17a@none.fritz.box> Date: Sun, 8 Mar 2015 09:29:50 +1000 From: James Hodgkinson <yaleman@...etek.net> To: Nick FitzGerald <nick@...us-l.demon.co.uk>, fulldisclosure@...lists.org Subject: Re: [FD] Java 8u40 released: why? Nick, Nowhere in the quoted text or my comments did it say it was a forced option, only that it “appeared” in the update; this thread started with questions as to whether there was any actual changes with the version bump, and I was offering a possibility. James On 8 March 2015 at 9:07:41 am, Nick FitzGerald (nick@...us-l.demon.co.uk) wrote: James Hodgkinson wrote: > Maybe the major change is that they're including the Ask toolbar in > all releases now, not just the windows one? :) Indeed! > The unwelcome Ask extension shows up as part of the installer if a Mac > user downloads Java 8 Update 40 for the Mac. In my tests on a Mac > running that latest release of OS X, the installer added an app to the > current browser, Chrome version 41... So you did not notice the explanation that this would happen, right there on the "continue the install" permission dialog? The one we can see a screenshot of at, say: https://grahamcluley.com/2015/03/oracle-java-mac/ Your description rather strongly implies that you have no choice in getting the Ask toolbar, which is untrue. I understand that Mac users will likely not be _accustomed_ to such permissions for _additional_ software, over and above the actual software that they thought they were installing, being requested, BUT unlike your description above and Ed Bott's at ZDNet (referenced in another post in this thread), the user is actually given the choice to not install the extra offer. Of course, questions as to the desirability of the option being pre-selected, and the possibly less than fully transparent directions about the necessity of the offer are much the same with the Mac version and the Windows version, whose permission dialog you can see here: http://i.imgur.com/82Tp2pp.png?1 Regards, Nick FitzGerald _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists