On Wed, Jan 09, 2008 at 03:14:35PM +, Russell Gadd wrote:
> Unfortunately some bank sites do use javascript and I have a concern
> over cross site scripting - only because I have yet to look deeper into
> this to see what the risks are. But if I never visit non-bank sites is
> this a proble
Jussi Peltola wrote:
On Tue, Jan 08, 2008 at 10:48:41AM -0500, Douglas A. Tutty wrote:
I suppose the only way to have a "trusted-secure" box and an
"untrusted-insecure" box with one display/keyboard would be a KVM.
Actual, physical separation of the machines is the only 100% secure way
to prev
On Tue, Jan 08, 2008 at 07:26:42PM +0200, Jussi Peltola wrote:
> On Tue, Jan 08, 2008 at 10:48:41AM -0500, Douglas A. Tutty wrote:
> > I suppose the only way to have a "trusted-secure" box and an
> > "untrusted-insecure" box with one display/keyboard would be a KVM.
> This is pretty much the case -
On Tue, Jan 08, 2008 at 10:48:41AM -0500, Douglas A. Tutty wrote:
> I suppose the only way to have a "trusted-secure" box and an
> "untrusted-insecure" box with one display/keyboard would be a KVM.
This is pretty much the case - depends on what you want to trust. If you
trust the X server and the OS
On Mon, Jan 07, 2008 at 07:04:42PM -0500, Douglas A. Tutty wrote:
> On Mon, Jan 07, 2008 at 11:32:09AM -0800, Ted Unangst wrote:
> > On Jan 7, 2008 5:55 AM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > Right, but when I go from an OpenBSD box via ssh to a debian box to run
> > > apps, then tha
On Mon, Jan 07, 2008 at 11:32:09AM -0800, Ted Unangst wrote:
> On Jan 7, 2008 5:55 AM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > Right, but when I go from an OpenBSD box via ssh to a debian box to run
> > apps, then that doesn't apply and I don't set ForwardX11Trusted on the
> > OpenBSD box w
On Jan 7, 2008 5:55 AM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> Right, but when I go from an OpenBSD box via ssh to a debian box to run
> apps, then that doesn't apply and I don't set ForwardX11Trusted on the
> OpenBSD box which I use ssh -X and not ssh -Y.
and then firefox doesn't work, whi
On Mon, Jan 07, 2008 at 07:28:40AM +0200, [EMAIL PROTECTED] wrote:
> On Sat, Jan 05, 2008 at 11:38:24PM -0500, Douglas A. Tutty wrote:
> > On Sat, Jan 05, 2008 at 07:48:53PM -0800, Ted Unangst wrote:
> > > On 1/5/08, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > > Is there anything that, bug-wi
On Sat, Jan 05, 2008 at 11:38:24PM -0500, Douglas A. Tutty wrote:
> On Sat, Jan 05, 2008 at 07:48:53PM -0800, Ted Unangst wrote:
> > On 1/5/08, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > Is there anything that, bug-wise, could go wrong with that remote
> > > browser that would be able to rea
On Sat, Jan 05, 2008 at 07:48:53PM -0800, Ted Unangst wrote:
> On 1/5/08, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > Is there anything that, bug-wise, could go wrong with that remote
> > browser that would be able to read or alter anything on the local
> > machine? I'm talking about using ssh
On Jan 5, 2008, at 7:48 PM, Ted Unangst wrote:
On 1/5/08, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
Is there anything that, bug-wise, could go wrong with that remote
browser that would be able to read or alter anything on the local
machine? I'm talking about using ssh's X forwarding features
On 1/5/08, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> Is there anything that, bug-wise, could go wrong with that remote
> browser that would be able to read or alter anything on the local
> machine? I'm talking about using ssh's X forwarding features, not using
> X's native forwarding.
a lot m
On Sat, Jan 05, 2008 at 10:43:56PM +0200, Jussi Peltola wrote:
> On Sat, Jan 05, 2008 at 11:36:04AM -0500, Douglas A. Tutty wrote:
> > Perhaps you could use the banking machine as your main access point,
> > running apps on the main box via ssh. Would that introduce any
> > insecurity in the banki
On Sat, Jan 05, 2008 at 11:36:04AM -0500, Douglas A. Tutty wrote:
> Perhaps you could use the banking machine as your main access point,
> running apps on the main box via ssh. Would that introduce any
> insecurity in the banking machine?
I certainly wouldn't do sensitive things on an X server wit
On 05/01/2008, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > 2: Space for the P3 is limited and I would like to remove its printer and
> > > print bank statements across the LAN on the main PC (running Linux, or maybe
> > > FreeBSD in future) using CUPS. Does this introduce security ris
On Fri, Jan 04, 2008 at 11:28:18PM -0500, Nick Holland wrote:
> Rusty Gadd wrote:
> > I am seeking advice on the security aspects of the configuration of my home
> > system. I have 2 PC's, connected to the internet via a firewalled NAT
> > router. The main PC is an i386 P4 used for general computin
On 05/01/2008, Nick Holland <[EMAIL PROTECTED] > wrote:
> Your PF rules would probably just block all incoming traffic and pass
> outgoing traffic. Or if you want to make sure it is used only for your
> desired app, block everything outbound 'cept for that traffic destined to
> your desir
The sad thing is you are being more careful with your system design than
your bank probably is. :-/ By the time you are running OpenBSD on your
banking computer, I suspect you have shifted the primary risk to the
other end of the wire...your bank is a bigger risk to your data than you
are.
On 1/4/08, Rusty Gadd <[EMAIL PROTECTED]> wrote:
> 1: The P3 will only ever connect to bank websites, which I have to assume
> are 'clean' (I might be able to disable scripting for some sites). However
> malware may conceivably infect the main PC. Am I right in assuming I need to
> run PF within OB
Rusty Gadd wrote:
> I am seeking advice on the security aspects of the configuration of my home
> system. I have 2 PC's, connected to the internet via a firewalled NAT
> router. The main PC is an i386 P4 used for general computing, the second is
> an older i386 P3 which I intend to dedicate to inte
I am seeking advice on the security aspects of the configuration of my home
system. I have 2 PC's, connected to the internet via a firewalled NAT
router. The main PC is an i386 P4 used for general computing, the second is
an older i386 P3 which I intend to dedicate to internet banking for maximum
s