On Fri, 18 Jan 2008 15:14:05 + (UTC)
Alexey Vatchenko [EMAIL PROTECTED] wrote:
On 2008-01-18, Tony Abernethy [EMAIL PROTECTED] wrote:
Alexey Vatchenko wrote:
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you
On Fri, Jan 18, 2008 at 09:30:01PM +0200, Jussi Peltola wrote:
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want
to avoid your browser doing anything an attacker wants when he
finds an exploit in it.
If you
Well short of building yourself into a faraday cage there is not much you
can do to avoid van Eck sniffing. Also while LCD's are immune, I hear that a
similar technique can be applied to LCD's. I am guessing sniffing LCD's is
probably an order of magnatude more difficult than CRT tho.
On
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote:
Most secure goes a long way. I run firefox on a sepperate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
to the most secure solution. :-)
On Friday 18 January 2008, Joel Wiramu Pauling wrote:
in the end a scrubbing proxy would be a good idea if your uber
paranoid.
does your bank not use SSL? or do you have some scrubbing proxy
that you trust enough to MITM connections to your bank?
No but having a scrubbing proxy reduces
On Sat, 19 Jan 2008, Jona Joachim wrote:
On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote:
Talking about brainfucked bank sites...
My bank checks for the browser's user-agent: Firefox on win32 an Linux
passes, Firefox on *BSD is denied access, unless you change the
user-agent
On Sat, Jan 19, 2008 at 08:24:27AM +0100, ropers wrote:
On 19/01/2008, Douglas A. Tutty [EMAIL PROTECTED] wrote:
may just be very insecure. Which is it? You can't tell without looking
at the details, or asking somebody who has done so. Your specific
questions to this list about Dillo et al.
Lynx is secure ;)
There are no insecure browsers, just insecure sites.
On Jan 18, 2008 4:39 PM, Tony Abernethy [EMAIL PROTECTED] wrote:
Alexey Vatchenko wrote:
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you
On Thu, Jan 17, 2008 at 10:11:47PM -0500, Steve Shockley wrote:
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Assuming you've already decided to run X, then why not
On Fri, Jan 18, 2008 at 03:14:05PM +, Alexey Vatchenko wrote:
On 2008-01-18, Tony Abernethy [EMAIL PROTECTED] wrote:
Alexey Vatchenko wrote:
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you want security,
On Fri, Jan 18, 2008 at 06:25:41PM +1300, Joel Wiramu Pauling wrote:
chroot ;-).
See the previous threads on this list about the false sense of security
with virtualization and chroots in this context.
Also see the previous thread for how I'm separating things between
secure, entertainment
Alexey Vatchenko wrote:
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow
On Fri, Jan 18, 2008 at 02:33:30PM +0100, Han Boetes wrote:
Most secure goes a long way. I run firefox on a sepperate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
to the most secure solution. :-)
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
No kidding. Having X installed on a main server is a bad idea. What does
this main server do? If you need a GUI on your server you should
probably use Linux or Windows.
If you just need a browser to view documentation on the
Most secure goes a long way. I run firefox on a sepperate user
account. I doubt it's the most secure solution but it sure is
quite a bit more secure, and I'm quite sure you really don't want
to the most secure solution. :-)
http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people
# Han
On Fri, Jan 18, 2008 at 08:39:57AM -0600, Tony Abernethy wrote:
Alexey Vatchenko wrote:
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that
On Fri, Jan 18, 2008 at 05:10:58PM +0200, Dusty wrote:
There are no insecure browsers, just insecure sites.
OK, but how do you tell a secure site from an insecure site? If a site
turns out to be insecure, if the browser isn't vulnerable to the attacks
that the insecure site can exploit, then
On Fri, Jan 18, 2008 at 09:30:01PM +0200, Jussi Peltola wrote:
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want to
avoid your browser doing anything an attacker wants when he finds an
exploit in it.
If you
On 1/18/08, Alexey Vatchenko [EMAIL PROTECTED] wrote:
The problem is not in blobbyness (all drivers that come with OpenBSD are open
sourced), the problem is that the userland program (X server) has access to
the
things that must be allowed only to kernel.
and if you don't run X, it doesn't
dude, from what your saying, then run a browser, in chroot via ssh. To your
remote X server. You may also want to rub a scrubbing proxy in that environ,
(i.e dans guardian or somesuch). While a chroot is not ideal, it is a step
up from running just plain ol unprivileged. And it's not like chroots
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need should you need to
build any ports (including if you follow current and need security
On Sat, 19 Jan 2008 08:47:56 +1300, Joel Wiramu Pauling wrote:
One other note, if your planning on doing any internet banking, your pretty
much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
under wine on openbsd, it may work also.
Why? Because a lot of the internet
On Sat, 19 Jan 2008 08:41:18 +1300
Joel Wiramu Pauling [EMAIL PROTECTED] wrote:
but to me sounds like your making a non-issue into a mole hill. Even
the most limited of hardware can run decent browsers. Why you are
insisting on using your access box, when you have another machine is
beyond
On 2008/01/19 08:47, Joel Wiramu Pauling wrote:
One other note, if your planning on doing any internet banking, your pretty
much stuck with Firefox or Opera (using binary emulation).
lynx works fine for me. with some of the things that are being
suggested, isn't it easier to just change bank?
On 2008-01-18, Tony Abernethy [EMAIL PROTECTED] wrote:
Alexey Vatchenko wrote:
On 2008-01-18, Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:24:16PM -0700, Clint Pachl wrote:
If you want security, get rid of X.
Even if it's OpenBSD's X? The one that you need
Dude, you want a proxy with different user ACLs. This is not a browser thing
at all.
2 firefox profiles will do the same thing, each having a different proxy
user set. Hell have 2 user accounts on your entertainment box, and ssh -X
[EMAIL PROTECTED] when you want to bring up your secure account.
Most of the replies are missing the point. You do not only want to
protect the rest of your system from your browser. You also want to
avoid your browser doing anything an attacker wants when he finds an
exploit in it.
If you try to solve the problem with virtualization, different users or
One other note, if your planning on doing any internet banking, your pretty
much stuck with Firefox or Opera (using binary emulation). Haven't tried ie
under wine on openbsd, it may work also.
Why? Because a lot of the internet banking sites are useless and while
things like konqueror load them,
On 19/01/2008, Douglas A. Tutty [EMAIL PROTECTED] wrote:
As for the security record of popular browsers, this is the question.
Is a browser with a long history of few security bugs more or less
secure than a browser with a long history of many security bugs?
Someone suggested that Dillo, with
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different box for
entertainment).
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to do javascript or flash (I have a different
On Thu, 17 Jan 2008 15:42:38 -0500
Douglas A. Tutty [EMAIL PROTECTED] wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
what are you referring to?
are we restarting the VM are more secure flame fest?
On Thu, Jan 17, 2008 at 06:36:27PM -0500, Frank Bax wrote:
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that
On Jan 17, 2008 8:42 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no graphical browser in base. I don't need or want this
browser to
On Jan 17, 2008, at 3:36 PM, Frank Bax wrote:
Have you considered running the browser in a virtual environment?
Outside of virtualization providing snapshots, it doesn't do anything
to truly improve security.
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
There is no
On Thu, 17 Jan 2008 18:17:54 -0500
Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also
need to be able to use
On Thu, 17 Jan 2008 18:17:54 Douglas A. Tutty [EMAIL PROTECTED] wrote:
A main server where you need a graphical browser?
It can be useful for (esp. junior) sysadmins who've hooked up a
monitor and keyboard to a server and are sitting in front of it to
administer it, and who may not be
Rico Secada wrote:
On Thu, 17 Jan 2008 18:17:54 -0500
Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but
On Thu, Jan 17, 2008 at 06:36:27PM -0500, Frank Bax wrote:
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Have you considered running the browser in a virtual
On Jan 17, 2008, at 5:02 PM, ropers wrote:
It can be useful for (esp. junior) sysadmins who've hooked up a
monitor and keyboard to a server and are sitting in front of it to
administer it, and who may not be confident enough of their choices
without googling and reading through a number of
On Fri, Jan 18, 2008 at 01:03:07AM +0100, Rico Secada wrote:
On Thu, 17 Jan 2008 18:17:54 -0500
Douglas A. Tutty [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I
Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical browser from it (I know that this is a
trade-off).
Assuming you've already decided to run X, then why not just run the
browser on your other machine and set the display to
On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote:
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17 January 2008 03:42:38 pm Douglas A. Tutty wrote:
I have a box that I want to keep as secure as I can but I also need to
be able to use a graphical
chroot ;-).
It is a pity that the is nothing like linux vservers for openbsd as yet ;-)
On 18/01/2008, Joachim Schipper [EMAIL PROTECTED] wrote:
On Thu, Jan 17, 2008 at 06:17:54PM -0500, Douglas A. Tutty wrote:
On Thu, Jan 17, 2008 at 05:11:53PM -0500, STeve Andre' wrote:
On Thursday 17
47 matches
Mail list logo