Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: [OT] Seamonkey and LastPass
Date: Sun, 29 Nov 2009 04:30:25
Message-Id: 4B11F8AC.3070201@gmail.com
In Reply to: [gentoo-user] Re: [OT] Seamonkey and LastPass by "»Q«"
1 chrome://messenger/locale/messengercompose/composeMsgs.properties:
2 > On Sun, 29 Nov 2009 01:49:29 +0000
3 > Stroller<stroller@××××××××××××××××××.uk> wrote:
4 >
5 >
6 >> Everyone's yakking it up because it makes them look clever.
7 >>
8 > Either that, or they're 'yakking it up' in hopes of discouraging a
9 > regular user here from taking an amazing risk with his banking access
10 > passwords.
11 >
12 >
13 >> The "Why LastPass is safe" page<https://lastpass.com/safety.php> is
14 >> indeed bullet-points for idiots, and if that was the only
15 >> information available on the site then I, too, might be more
16 >> suspicious. If you look at the "Technology" summary on the site it
17 >> looks far more reasonable:<https://lastpass.com/technology.php>.
18 >> Perhaps some other commenters should have read this before posting?
19 >>
20 > You've missed the point, which is that users have no way of verifying
21 > that the LastPass technology actually behaves the way their web site
22 > claims.
23 >
24 > For example, how would you verify that their software, installed on
25 > your own machine, doesn't make a hash of the key to your data and send
26 > it to them? Of course their web site says they don't do that, and if
27 > that's good enough for you, good luck.
28 >
29 >
30
31 And that is why they need to let someone independently review their code
32 to see exactly what it does and in some cases, can do. I trust
33 Seamonkey for example for the reason that anyone can see their code. If
34 there was something in the code that allowed Seamonkey to grab passwords
35 or other information they shouldn't, then I'm sure someone would speak
36 up and say so. After all, how many people see the source code for
37 Seamonkey, thousands, maybe million or more? I don't think that many
38 people can keep a secret like that.
39
40 I think lostpass should open up the books so that people can see the
41 code. Then people may trust what they claim and could even make it
42 better at that. There is always someone out there with a better mouse
43 trap. I did read on there somewhere that Mozilla has some of their code
44 but it is not all of it. Not sure if it is the "good" stuff or what tho.
45
46 Dale
47
48 :-) :-)

Replies

Subject Author
[gentoo-user] Re: [OT] Seamonkey and LastPass "»Q«" <boxcars@×××.net>