Just being a bit argumentative, you have 2 issues with this claim: 1) You can't tell by that logic if the zip has already been cracked. The many eyes principle says that only you is probably not enough. Now, if it was tab mix plus... :) 2) 6 months from now, when it will ask for an update, someone will probably forget the original reasoning for installing an unsigned xpi and will update the file.
On Friday 08 December 2006 08:07, Zvi Har'El wrote: > Once you installed it, it really doesn't matter if somebody later breaks > to Effie's site (to Effie it would matter :'( ). If you haven't > installed it yet - you can download it, and examine the file contets (an > XPI file is just a fancy extension to a ZIP archive) before installing > it (from the local file, of course). I would do it even if the file > were signed, and even if it came by a stork directly from mozdev :-) . > > Amos Shapira wrote, On 07/12/06 23:28: > > On 08/12/06, *Oded Arbel* <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > On Thu, 2006-12-07 at 18:38 +0200, Ilya Konstantinov wrote: > > > While I agree this is risky, I must correct your assumption that > > > the fact this extension claims to deal with a banking site makes it > > > more or less likely to be spyware. > > > > I think the main issue is that it's unsigned - it means that a cracker > > who breaks into Effie's web site and installs a modified version won't > > be caught by the extension singing mechanism. > > I might be naive, but I pretty much trust Effie himself not to do any > > monkey business with his own extensions. -- Regards, Tzahi. -- Tzahi Fadida Blog: http://tzahi.blogsite.org | Home Site: http://tzahi.webhop.info WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html ================================================================To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
