Security Basics mailing list archives
Re: web browser security/hardening
From: Michael Krymson <krymson () gmail com>
Date: Wed, 09 Aug 2006 22:39:20 -0500
Well, if you must visit dangerous sites, you've definitely done a lot to limit your attack surface already, more than I would say 99% of web surfers. Be sure the weakest part of security, yourself, remains vigilant and do not run programs from any of those sites, nor supply personal information. Never reuse any usernames, emails, or passwords that you use for other more legitimate endeavors. It is amazing how you can glean a password for someone from a web site, and then track them around using Google and get into other things using that one password.

In addition, cross site scripting is something the web sites you visit need to look out for; it is not necessarily something you can prevent yourself... although disabling scripting anyway can thwart those attack vectors.

But your question is what can be improved in your setup. If I were to get really drastic, and you absolutely still need to visit these sites, do so from a throw-away computer that has nothing else on it. Isolate it on your network as well. Regularly re-image your machine or rebuild it. Don't use wireless for this machine. Again though, that's pretty darn paranoid and out there, and more effort than most people will put in, but, it is still an improvement.

sun sadm wrote:

> Hi colleague
>
> Because I visit dangerous and dirty pr0n sites (like every male person) I locked down my Web Browser on Fedora Core 5
>
> Information available from my local Web Browser (tested by showmyip.com): User-Agent, wrong Time stamp, Languages
> All other Information were filtered by Privoxy
>
> I use a Mozilla Firefox (which is updated by Fedora's "yum") with the plug in "noscript"
> - don't allow Java (it means no program can bypass sandbox restrictions)
> - allow JavaScripts very seldom from trusted sites
> - delete all cookies with closing browser
> - no auto download of file and no auto install of plug ins
> - never use auto remember of passwords, I use always fake addresses
> - disable ads
>
> Because of low performance I don't use onion routing with TOR
>
> Am I secure from common Web Attacks like Cross-Site Scripting, malicious scripting, active content, Spoofing (called Phishing)?
>
> What would you improve in my setup?
>
> Nico

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
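The checklist in the original question can be verified against a Firefox profile rather than trusted from memory. The following is an added example, not part of either post: it parses a `prefs.js` file and reports every checklist item whose preference is missing or set differently. The mapping from checklist items to preference names is an assumption (the posts name no preferences), and the sample profile is constructed.

```python
import re

# Assumed mapping from the checklist items to Firefox preference names and
# the value each item implies; the posts themselves name no preferences.
EXPECTED = {
    "security.enable_java": False,       # "don't allow Java"
    "network.cookie.lifetimePolicy": 2,  # 2 = cookies kept for the session only
    "signon.rememberSignons": False,     # no automatic remembering of passwords
    "xpinstall.enabled": False,          # no automatic software installation
}

# Constructed sample profile content, for illustration only.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("security.enable_java", false);
user_pref("network.cookie.lifetimePolicy", 0);
user_pref("signon.rememberSignons", false);
user_pref("browser.startup.homepage", "about:blank");
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return {pref: (expected, actual)} for each item that deviates.

    A pref absent from the file is reported with actual=None, because the
    browser default is then in effect instead of the hardened value.
    """
    prefs = parse_prefs(text)
    findings = {}
    for name, want in EXPECTED.items():
        got = prefs.get(name)
        # Compare types too, so that integer 0 is not accepted for False.
        if type(got) is not type(want) or got != want:
            findings[name] = (want, got)
    return findings
```

Script blocking done by the NoScript extension is stored in the extension's own settings and is not covered by this check.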