Once you have installed it, it really doesn't matter if somebody later breaks
into Effie's site (to Effie it would matter :'( ). If you haven't
installed it yet - you can download it, and examine the file contents (an
XPI file is just a fancy extension to a ZIP archive) before installing
it (from the local file, of course).  I would do it even if the file
were signed, and even if it came by a stork directly from mozdev :-) .


Amos Shapira wrote, On 07/12/06 23:28:

> On 08/12/06, *Oded Arbel* <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
>     On Thu, 2006-12-07 at 18:38 +0200, Ilya Konstantinov wrote:
>     > While I agree this is risky, I must correct your assumption that the
>     > fact this extension claims to deal with a banking site makes it more
>     > or less likely to be spyware. 
>
>
> I think the main issue is that it's unsigned - it means that a cracker
> who breaks into Effie's web site and installs a modified version won't
> be caught by the extension signing mechanism.
> I might be naive, but I pretty much trust Effie himself not to do any
> monkey business with his own extensions.
-- 
Dr. Zvi Har'El      mailto:[EMAIL PROTECTED]    Department of Mathematics
tel:+972-54-4227607 icq:179294841    Technion - Israel Institute of Technology
fax:+972-4-8293388  http://www.math.technion.ac.il/~rl/    Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
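
The pre-install inspection suggested in the reply above, as an added example that is not part of the original thread: it opens an XPI as a ZIP archive, lists every file with a SHA-256 digest, and descends into nested chrome JARs. The `META-INF/zigbert.*` file names (the classic signtool layout) and the constructed sample archive are assumptions of this example.

```python
import hashlib
import io
import zipfile

# Assumption: a signed XPI of that era carries these files (signtool layout).
# Their presence only shows a signature exists; it does not verify it.
SIGNATURE_FILES = {"meta-inf/zigbert.rsa", "meta-inf/zigbert.sf", "meta-inf/manifest.mf"}
NESTED_ARCHIVES = (".jar", ".zip", ".xpi")

def inspect_xpi(data, prefix="", depth=0):
    """Return (path, size, sha256) for every file, descending into nested archives."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            body = archive.read(info)
            path = prefix + info.filename
            entries.append((path, len(body), hashlib.sha256(body).hexdigest()))
            # Extension code usually sits inside chrome/*.jar, so look there too.
            nested = info.filename.lower().endswith(NESTED_ARCHIVES) and depth < 3
            if nested and zipfile.is_zipfile(io.BytesIO(body)):
                entries += inspect_xpi(body, path + "!/", depth + 1)
    return entries

def is_signed(data):
    """True when all signature files are present at the top level of the XPI."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return SIGNATURE_FILES <= {name.lower() for name in archive.namelist()}

def script_files(entries):
    """Paths worth reading by hand before installing."""
    return [path for path, _, _ in entries if path.lower().endswith((".js", ".xul", ".xbl"))]

def build_sample_xpi():
    """Constructed sample: an unsigned XPI with one chrome JAR inside."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("content/overlay.js", "// constructed sample script\n")
        z.writestr("content/overlay.xul", "<overlay/>\n")
    xpi = io.BytesIO()
    with zipfile.ZipFile(xpi, "w") as z:
        z.writestr("install.rdf", "<RDF/>\n")
        z.writestr("chrome/sample.jar", jar.getvalue())
    return xpi.getvalue()

if __name__ == "__main__":
    sample = build_sample_xpi()
    print("signed:", is_signed(sample))
    for path, size, digest in inspect_xpi(sample):
        print(f"{digest[:16]}  {size:6d}  {path}")
```

Recording the digests of a copy you have reviewed lets you tell whether a later download from the same site has changed.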
