D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Secure web browsing with live distro

 

A lot of negativity here guys.  

How many people on this list still use IE?  If you run Windows, IE, etc. then 
security is a nightmare.  I know that you can never be 100% secure but you 
sure as hell can make it difficult for the bad guys when it counts.  I do all 
my money laundering on-line and I want that as private as possible.  A distro 
on cd is an awkward way to go but it's better than people getting into your 
bank account.  And if you're a Windows user then it could be a godsend.  I 
know lots of people have had this idea before but I'll bet none of them were 
Windows only users.

And what is this about losing your bookmarks on a power cut, Tom?  They are 
burned onto a CD.  Or on the USB module. Or you could have them on Google.  
Or on your backup that you do religiously every evening at 11.30.

I'll preach to the converted.  Security is a big issue.  There is no simple 
solution.  There is no one super solution.  We must do the best we can with 
what we got.

(What did I do with those tranquilisers? Damn.  My blasted US spell checker 
wants to spell it with a zed. Mutter, mutter, mutter)

George


On Wednesday 04 July 2007 08:15, Tom Potts wrote:
> On Wednesday 04 July 2007 00:16, Simon Waters wrote:
> > george wrote:

> > > http://www.itwire.com.au/content/view/13292/53/
> >
> > Whilst I like the idea - I can think of one downside.
> >
> > The main reason Windows viruses don't try to mess with the BIOS is that
> > there is nowt to gain, and an infected host to lose from ones botnet.
> >
> > As soon a booting from an alternative media is widespread for banking,
> > some of the bots will try to hijack the BIOS so they can steal data from
> > the other operating system (or listen to the network traffic), or hijack
> > the router for similar (router meddling has the same downsides as BIOS
> > meddling for the abuser).
> >
> > Indeed subverting routers with Javascript has already been done, at
> > least as a proof of concept. The Javascript looked for routers, at the
> > manufacturers default IP address, with the manufacturers default
> > username/password (default passwords are a stupid idea! See Oracle and
> > "change on install" story). It would then login and change your routers
> > settings, which with things like DNS makes for a powerful kind of
> > phishing. So visiting a website with such Javascript led to exploit.



> > I'm also surprised how many people don't know that by default IE allows
> > the copying of clipboard content by Javascript. 
> Secure web browsing is a nice idea but at some time there will be a power
> cut and you will loose all your bookmarks and most people will grind to a
> halt then.
> Tom te tom te tom

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html