On 170107-23:27+0100, Floyd Anderson wrote:
> On Sat, 07 Jan 16:51:41 +0100
> meino.cra...@gmx.de wrote:
> >Hi,
> >
> >what Firefox-Version/what browser is the most secure one for Online-Banking?
>
> Who is able to tell about that? I think nobody which has evaluated this
> for every version (if some really has) is reading this list.
>
> I would recommended at least a separate well configured browser profile
> for the banking purpose and to strip off all unnecessary connections.
>
> The latter can be achieved by using a Proxy Auto Config (PAC) file [1].
> Have a look at [2] for more background information on this — even when
> it’s quite old.
>
> For Mozilla Firefox create a file (e.g. “proxy.pac”) with following
> content for example (don’t copy ’n paste, the spaces aren’t such):
>
> function FindProxyForURL(url, host) {
> // Proxy bypass logic
> if (
> dnsDomainIs(host, '.your-bank.com')
> // || dnsDomainIs(host, 'addons.cdn.mozilla.net')
> // || dnsDomainIs(host, 'addons.mozilla.org')
> ) { return 'DIRECT'; }
>
> // Redirect all other requests through localhost which should always
> // fail due no listen server.
> return 'PROXY 127.0.0.1:65535';
> }
>
> and place it in the root of your browser profile, apply it due property
> “network.proxy.autoconfig_url” or via GUI by using the “file:” protocol
> in about:preferences#advanced > Network > Connection Settings.
>
> Before you ask, I’ve never tried to use a relative path definition which
> may be important on an USB device nor can say if it’ll also work.
>
> Notice the comment lines for the mozilla domains. Comment those out if
> you really need to use add-ons in a banking profile and want to have a
> more comfortable way to update them. But you know, comfort/add-ons and
> security is often like fire and water nowadays.
>
> To test that only your banking connection is possible invoke:
>
> /usr/bin/firefox --private-window "https://www.example.com/" --no-remote -P
> banking.profile
>
>
> [1] <https://calomel.org/proxy_auto_config.html>
> [2]
> <https://web.archive.org/web/20040821144727/http://developer.netscape.com/docs/manuals/proxy/adminux/>The above method certainly looks appealing to me and calomel.org is designed great. But that would take me time to understand. Can I ask you, and other readers, a question which is only partly related to the above. Related insomuch as Tor is about proxying as well. I'm looking at: https://wiki.gentoo.org/wiki/Tor It appears to me that, with a grsecurity-hardened kernel-base Gentoo machine, using TBB is next to impossible (tried it, doesn't work the simple user way _at all_). Neither did I have much luck with Whonix, since porting Whonix to Gentoo appears dead, to say just so much about my tries. Also the Tails page... Aaahhh, I have to find it, to make at least that info complete... https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html [Also that Tails page] requires translation for a non-dbus system like mine (no dbus in your system, no GUI virt-manager you get), the translation (not languagewise but methodwise) of that GUI virt-manager tutorial into virsh command line tutorial, which hasn't been done yet. I close to entirely abandoned Firefox because Mozilla promissed with solemn repeated oaths, that they will impose Pulseaudio on all Linuces, else no audio in Firefox (a long --heavily diverted-- thread about that at end-of-2016 in this ML), and I am using Palemoon, pretty happily so far, for all any any browsing. Has anybody got Palemoon to work as Tor browser like Firefox is set to work in the abovementioned https://wiki.gentoo.org/wiki/Tor page? That I believe would be great, because I'm banking on Palemoon to grow, and it appears to me they might be good on privacy, much better that Mozilla (well I'm only betting on them, I'm not an expert to be able to really tell...)! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
signature.asc
Description: Digital signature
