On Sat, 17 May 2014 18:57:35 +0200
Franz Brandl <franz.bra...@runbox.com> wrote:

> May be off topic, but IMO one should use an OS booted from DVD or write 
> protected USB Stick for online banking.

Assuming that no remote attacker can plug my HBCI-cardreader into the
USB-HUB, I think that is not necessary.

> On 17 May 2014 18:50:42 CEST, Sven Bartscher
> <sven.bartsc...@weltraumschlangen.de> wrote:
> >On Sun, 18 May 2014 01:36:44 +0900
> >Joel Rees <joel.r...@gmail.com> wrote:
> >
> >> >> There are more reasons than the X11 hole to refrain from using your
> >> >> admin user to surf the web.
> >> >
> >> > Just out of curiosity, what are these reasons?
> >> 
> >> Your browser and any plugins, addons, etc. that it loads, including
> >> java, flash, java/ecmascript, and, well, any scripting language the
> >> browser can be running, for starters.
> >> 
> >> Shoot, if my memory serves me, I seem to remember a class of
> >> vulnerabilities that has never really been answered, involving pushing
> >> keyboard loggers into the keyboard controller itself.
> >> 
> >> >> If you are worried about needing to find answers to admin problems by
> >> >> searching the web, lynx helps somewhat. But I still restrict the
> >> >> places I visit with lynx while running as an admin to my search engine
> >> >> site, certain subdomains of debian.org, and such.
> >> >
> >> > I'm not only worried about my admin account.
> >> > This is still a big security-hole for non-admins.
> >> 
> >> The web is not safe. If you do internet banking, at least make a
> >> separate, dedicated account for that, too. And if you go places where
> >> maybe you should not let you go, re-think your reasons for going.
> >
> >So basically I would need one account for surfing, one for
> >online-banking, ssh(-agent) and other important stuff and an
> >admin-account. Some accounts I missed?
> >
> >I know that's not gonna help, but I feel like there should be a better
> >way to isolate processes.
> >
> >PS: Please don't CC me
> >
> >Regards
> >Sven
> 
> -- 
> This message was sent from my Android mobile phone with K-9 Mail.
