Security Basics mailing list archives
Re: web browser security/hardening
From: "crazy frog crazy frog" <i.m.crazy.frog () gmail com>
Date: Mon, 14 Aug 2006 19:13:36 +0530
There are many spyware programs which exploit some flaws in your browsers, and there are many pr0n videos which require you to install ActiveX or some license. When you click on yes they will install trojans/spyware on your system. So be careful and limit your pr0n stuff ;)

-CF
--------------------------------------------
http://www.secgeeks.com
--------------------------------------------

On 8/10/06, Michael Krymson <krymson () gmail com> wrote:
Well, if you must visit dangerous sites, you've definitely done a lot to limit your attack surface already, more than I would say 99% of web surfers. Be sure the weakest part of security, yourself, remains vigilant and do not run programs from any of those sites, nor supply personal information. Never reuse any usernames, emails, or passwords that you use for other more legitimate endeavors. It is amazing how you can glean a password for someone from a web site, and then track them around using Google and get into other things using that one password.

In addition, cross site scripting is something the web sites you visit need to look out for, it is not necessarily something you can prevent, yourself...although disabling scripting anyway can thwart those attack vectors.

But your question is what can be improved in your setup. If I were to get really drastic, and you absolutely still need to visit these sites, do so from a throw-away computer that has nothing else on it. Isolate it on your network as well. Regularly re-image your machine or rebuild it. Don't use wireless for this machine. Again though, that's pretty darn paranoid and out there, and more effort than most people will put in, but, it is still an improvement.

sun sadm wrote:
> Hi colleague
>
> Because I visit dangerous and dirty pr0n sites (like every male
> person) I locked down my Web Browser on Fedora Core 5
>
> Information available from my local Web Browser (tested by
> showmyip.com): User-Agent, wrong Time stamp, Languages
> All other Information was filtered by Privoxy
>
> I use a Mozilla Firefox (which is updated by Fedora's "yum") with the
> plug in "noscript"
> - don't allow Java (it means no program can bypass sandbox restrictions)
> - allow JavaScripts very seldom from trusted sites
> - delete all cookies with closing browser
> - no auto download of file and no auto install of plug ins
> - never use auto remember of passwords, I use always fake addresses
> - disable ads
>
> Because of low performance I don't use onion routing with TOR
>
> Am I secure from common Web Attacks like Cross-Site Scripting,
> malicious scripting, active content, Spoofing (called Phishing)?
> What would you improve in my setup?
>
> Nico
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic
> Excellence in Information Security. Our program offers unparalleled
> Infosec management education and the case study affords you unmatched
> consulting experience. Using interactive e-Learning technology, you
> can earn this esteemed degree, without disrupting your career or home
> life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------

--
ting ding ting ding ting ding ting ding ting ding ding i m crazy frog :)
"oh yeah oh yeah... another wannabe, in hackerland!!!"
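
The Firefox settings listed in the original question can be checked against a profile's prefs.js. The script below is an added example, not part of any message in this thread; the mapping from each bullet to a preference name is an assumption of the example, the sample file is constructed, and NoScript's per-site whitelist is not covered.

```python
import re

# pref name -> (Firefox default, value matching the setup in the question).
# prefs.js only stores values that differ from the default, so a missing
# line means the default is in effect. The bullet-to-pref mapping is assumed.
CHECKS = {
    "security.enable_java": (True, False),      # "don't allow Java"
    "network.cookie.lifetimePolicy": (0, 2),    # 2 = cookies kept for the session only
    "signon.rememberSignons": (True, False),    # never remember passwords
    "xpinstall.enabled": (True, False),         # no install of add-ons from web pages
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict; skip everything else."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # header comments, blank lines, malformed entries
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit(text):
    """Return (pref, effective value, wanted value) for each setting that differs."""
    prefs = parse_prefs(text)
    findings = []
    for name, (default, wanted) in CHECKS.items():
        actual = prefs.get(name, default)  # absent means the default applies
        if actual != wanted:
            findings.append((name, actual, wanted))
    return findings


# Constructed sample profile: Java off, session-only cookies, rest left at default.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("security.enable_java", false);
'''

if __name__ == "__main__":
    for name, actual, wanted in audit(SAMPLE):
        print(f"{name}: effective {actual!r}, wanted {wanted!r}")
```
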