On Fri, Jan 18, 2008 at 09:30:01PM +0200, Jussi Peltola wrote:
> Most of the replies are missing the point. You do not only want to
> protect the rest of your system from your browser. You also want
> to avoid your browser doing anything an attacker wants when he
> finds an exploit in it.
>
> If y
On Fri, 18 Jan 2008 15:14:05 + (UTC)
Alexey Vatchenko <[EMAIL PROTECTED]> wrote:
> On 2008-01-18, Tony Abernethy <[EMAIL PROTECTED]> wrote:
> > Alexey Vatchenko wrote:
> >> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> >> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl w
Well short of building yourself into a faraday cage there is not much you
can do to avoid van Eck sniffing. Also while LCD's are immune, I hear that a
similar technique can be applied to LCD's. I am guessing sniffing LCD's is
probably an order of magnatude more difficult than CRT tho.
On 21/01/200
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote:
> Most secure goes a long way. I run firefox on a sepperate user
> account. I doubt it's the most secure solution but it sure is
> quite a bit more secure, and I'm quite sure you really don't want
> to the most secure solution. :-)
>
> ht
On Sat, Jan 19, 2008 at 08:24:27AM +0100, ropers wrote:
> On 19/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> may just be very insecure. Which is it? You can't tell without looking
> at the details, or asking somebody who has done so. Your specific
> questions to this list about Dillo et
On Sat, 19 Jan 2008, Jona Joachim wrote:
> On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote:
>
> Talking about brainfucked bank sites...
> My bank checks for the browser's user-agent: Firefox on win32 an Linux
> passes, Firefox on *BSD is denied access, unless you change the
> user-ag
On Friday 18 January 2008, Joel Wiramu Pauling wrote:
> > in the end a scrubbing proxy would be a good idea if your uber
> > paranoid.
> >
> > does your bank not use SSL? or do you have some scrubbing proxy
> > that you trust enough to MITM connections to your bank?
>
> No but having a scrubbing pr
On 19/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> As for the security record of popular browsers, this is the question.
> Is a browser with a long history of few security bugs more or less
> secure than a browser with a long history of many security bugs?
> Someone suggested that Dillo,
Dude, you want a proxy with different user ACLs. This is not a browser thing
at all.
2 firefox profiles will do the same thing, each having a different proxy
user set. Hell have 2 user accounts on your entertainment box, and ssh -X
[EMAIL PROTECTED] when you want to bring up your secure account.
K
On Fri, Jan 18, 2008 at 09:30:01PM +0200, Jussi Peltola wrote:
> Most of the replies are missing the point. You do not only want to
> protect the rest of your system from your browser. You also want to
> avoid your browser doing anything an attacker wants when he finds an
> exploit in it.
>
> If y
On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote:
> One other note, if your planning on doing any internet banking, your pretty
> much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
> under wine on openbsd, it may work also.
>
> Why? Because a lot of the inter
On Sat, 19 Jan 2008 08:41:18 +1300
"Joel Wiramu Pauling" <[EMAIL PROTECTED]> wrote:
> but to me sounds like your making a non-issue into a mole hill. Even
> the most limited of hardware can run decent browsers. Why you are
> insisting on using your access box, when you have another machine is
> be
On 19/01/2008, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2008/01/19 08:47, Joel Wiramu Pauling wrote:
> > One other note, if your planning on doing any internet banking, your
> pretty
> > much stuck with Firefox or Opera (using binary emulation).
>
> lynx works fine for me. with some of th
On 2008/01/19 08:47, Joel Wiramu Pauling wrote:
> One other note, if your planning on doing any internet banking, your pretty
> much stuck with Firefox or Opera (using binary emulation).
lynx works fine for me. with some of the things that are being
suggested, isn't it easier to just change bank?
On 1/18/08, Alexey Vatchenko <[EMAIL PROTECTED]> wrote:
> The problem is not in blobbyness (all drivers that come with OpenBSD are open
> sourced), the problem is that the userland program (X server) has access to
> the
> things that must be allowed only to kernel.
and if you don't run X, it does
One other note, if your planning on doing any internet banking, your pretty
much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
under wine on openbsd, it may work also.
Why? Because a lot of the internet banking sites are useless and while
things like konqueror load them, b
dude, from what your saying, then run a browser, in chroot via ssh. To your
remote X server. You may also want to rub a scrubbing proxy in that environ,
(i.e dans guardian or somesuch). While a chroot is not ideal, it is a step
up from running just plain ol unprivileged. And it's not like chroots a
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want to
avoid your browser doing anything an attacker wants when he finds an
exploit in it.
If you try to solve the problem with virtualization, different users or
another
On Fri, Jan 18, 2008 at 05:10:58PM +0200, Dusty wrote:
> There are no insecure browsers, just insecure sites.
OK, but how do you tell a secure site from an insecure site? If a site
turns out to be insecure, if the browser isn't vulnerable to the attacks
that the insecure site can exploit, then th
On Fri, Jan 18, 2008 at 03:14:05PM +, Alexey Vatchenko wrote:
> On 2008-01-18, Tony Abernethy <[EMAIL PROTECTED]> wrote:
> > Alexey Vatchenko wrote:
> >> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> >> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
> >> >> If yo
On Fri, Jan 18, 2008 at 06:25:41PM +1300, Joel Wiramu Pauling wrote:
> chroot ;-).
>
See the previous threads on this list about the false sense of security
with virtualization and chroots in this context.
Also see the previous thread for how I'm separating things between
"secure", "entertainmen
On Fri, Jan 18, 2008 at 08:39:57AM -0600, Tony Abernethy wrote:
> Alexey Vatchenko wrote:
> > On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
> > >> If you want security, get rid of X.
> > >>
> > > Even if it's OpenBSD's
On Thu, Jan 17, 2008 at 10:11:47PM -0500, Steve Shockley wrote:
> Douglas A. Tutty wrote:
> >I have a box that I want to keep as secure as I can but I also need to
> >be able to use a graphical browser from it (I know that this is a
> >trade-off).
>
> Assuming you've already decided to run X, then
On 2008-01-18, Tony Abernethy <[EMAIL PROTECTED]> wrote:
> Alexey Vatchenko wrote:
>> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
>> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
>> >> If you want security, get rid of X.
>> >>
>> > Even if it's OpenBSD's X? The one
Lynx is secure ;)
There are no insecure browsers, just insecure sites.
On Jan 18, 2008 4:39 PM, Tony Abernethy <[EMAIL PROTECTED]> wrote:
>
> Alexey Vatchenko wrote:
> > On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
>
Alexey Vatchenko wrote:
> On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
> >> If you want security, get rid of X.
> >>
> > Even if it's OpenBSD's X? The one that you need should you need to
> > build any ports (including
On 2008-01-18, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
>> If you want security, get rid of X.
>>
> Even if it's OpenBSD's X? The one that you need should you need to
> build any ports (including if you follow current and need secu
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote:
> Most secure goes a long way. I run firefox on a sepperate user
> account. I doubt it's the most secure solution but it sure is
> quite a bit more secure, and I'm quite sure you really don't want
> to the most secure solution. :-)
>
> ht
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
> No kidding. Having X installed on a main server is a bad idea. What does
> this main server do? If you need a GUI on your server you should
> probably use Linux or Windows.
>
> If you just need a browser to view documentation on th
Most secure goes a long way. I run firefox on a sepperate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
to the most secure solution. :-)
http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people
# Han
chroot ;-).
It is a pity that the is nothing like linux vservers for openbsd as yet ;-)
On 18/01/2008, Joachim Schipper <[EMAIL PROTECTED]> wrote:
>
> On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote:
> > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
> > > On Thurs
On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote:
> On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
> > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
> > > I have a box that I want to keep as secure as I can but I also need to
> > > be able to use a g
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Assuming you've already decided to run X, then why not just run the
browser on your other machine and set the display to
On Fri, Jan 18, 2008 at 01:03:07AM +0100, Rico Secada wrote:
> On Thu, 17 Jan 2008 18:17:54 -0500
> "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
>
> > On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
> > > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
> > > > I have
On Jan 17, 2008, at 5:02 PM, ropers wrote:
It can be useful for (esp. junior) sysadmins who've hooked up a
monitor and keyboard to a server and are sitting in front of it to
administer it, and who may not be confident enough of their choices
without googling and reading through a number of pages
On Thu, Jan 17, 2008 at 06:36:27PM -0500, Frank Bax wrote:
> Douglas A. Tutty wrote:
> >I have a box that I want to keep as secure as I can but I also need to
> >be able to use a graphical browser from it (I know that this is a
> >trade-off).
> Have you considered running the browser in a virtu
Rico Secada wrote:
On Thu, 17 Jan 2008 18:17:54 -0500
"Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can
> On Thu, 17 Jan 2008 18:17:54 "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
>
> A main server where you need a graphical browser?
It can be useful for (esp. junior) sysadmins who've hooked up a
monitor and keyboard to a server and are sitting in front of it to
administer it, and who may not be co
On Thu, 17 Jan 2008 18:17:54 -0500
"Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
> On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
> > On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
> > > I have a box that I want to keep as secure as I can but I also
> > > need to be
On Jan 17, 2008, at 3:36 PM, Frank Bax wrote:
Have you considered running the browser in a virtual environment?
Outside of virtualization providing snapshots, it doesn't do anything
to truly improve security.
On Jan 17, 2008 8:42 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> I have a box that I want to keep as secure as I can but I also need to
> be able to use a graphical browser from it (I know that this is a
> trade-off).
>
> There is no graphical browser in base. I don't need or want this
> bro
what are you referring to?
are we restarting the VM are more secure flame fest?
On Thu, Jan 17, 2008 at 06:36:27PM -0500, Frank Bax wrote:
> Douglas A. Tutty wrote:
>> I have a box that I want to keep as secure as I can but I also need to
>> be able to use a graphical browser from it (I know that
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
> On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
> > I have a box that I want to keep as secure as I can but I also need to
> > be able to use a graphical browser from it (I know that this is a
> > trade-off).
> >
> > Th
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
> I have a box that I want to keep as secure as I can but I also need to
> be able to use a graphical browser from it (I know that this is a
> trade-off).
>
> There is no graphical browser in base. I don't need or want this
> browser
On Thu, 17 Jan 2008 15:42:38 -0500
"Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
> I have a box that I want to keep as secure as I can but I also need to
> be able to use a graphical browser from it (I know that this is a
> trade-off).
>
> There is no graphical browser in base. I don't need or wa
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment). Of
48 matches
Mail list logo
