On Sun, 18 May 2014 01:36:44 +0900 Joel Rees <joel.r...@gmail.com> wrote:
> >> There are more reasons than the X11 hole to refrain from using your > >> admin user to surf the web. > > > > Just out of curiosity, what are these reasons? > > Your browser and any plugins, addons, etc. that it loads, including > java, flash, java/ecmascript, and, well, any scripting language the > browser can be running, for starters. > > Shoot, if my memory serves me, I seem to remember a class of > vulnerabilities that has never really been answered, involving pushing > keyboard loggers into the keyboard controller itself. > > >> If you are worried about needing to find answers to admin problems by > >> searching the web, lynx helps somewhat. But I still restrict the > >> places I visit with lynx while running as an admin to my search engine > >> site, certain subdomains of debian.org, and such. > > > > I'm not only worried about my admin account. > > This is still a big security-hole for non-admins. > > The web is not safe. If you do internet banking, at least make a > separate, dedicated account for that, too. And if you go places where > maybe you should not let you go, re-think your reasons for going. So basically I would need one account for surfing, one for online-banking, ssh(-agent) and other important stuff and an admin-account. Some accounts I missed? I know that's not gonna help, but I fell like there should be a better way to isolate processes. PS: Please don't CC me Regards Sven
signature.asc
Description: PGP signature