Re: Dedicated admin account (was Re: Debians security features in comparison to Ubuntu)
Lucky you, but not everyone, especially outside of Germany, has access to secure technology for banking.

On 17 May 2014 19:03:41 CEST, Sven Bartscher wrote:
>On Sat, 17 May 2014 18:57:35 +0200
>Franz Brandl wrote:
>
>> Maybe off topic, but IMO one should use an OS booted from DVD or
>> write protected USB Stick for online banking.
>
>Assuming that no remote attacker can plug my HBCI-cardreader into the
>USB-HUB, I think that is not necessary.
>
>> On 17 May 2014 18:50:42 CEST, Sven Bartscher wrote:
>> >On Sun, 18 May 2014 01:36:44 +0900
>> >Joel Rees wrote:
>> >
>> >> >> There are more reasons than the X11 hole to refrain from using your
>> >> >> admin user to surf the web.
>> >> >
>> >> > Just out of curiosity, what are these reasons?
>> >>
>> >> Your browser and any plugins, addons, etc. that it loads, including
>> >> java, flash, java/ecmascript, and, well, any scripting language the
>> >> browser can be running, for starters.
>> >>
>> >> Shoot, if my memory serves me, I seem to remember a class of
>> >> vulnerabilities that has never really been answered, involving pushing
>> >> keyboard loggers into the keyboard controller itself.
>> >>
>> >> >> If you are worried about needing to find answers to admin problems by
>> >> >> searching the web, lynx helps somewhat. But I still restrict the
>> >> >> places I visit with lynx while running as an admin to my search engine
>> >> >> site, certain subdomains of debian.org, and such.
>> >> >
>> >> > I'm not only worried about my admin account.
>> >> > This is still a big security-hole for non-admins.
>> >>
>> >> The web is not safe. If you do internet banking, at least make a
>> >> separate, dedicated account for that, too. And if you go places where
>> >> maybe you should not let you go, re-think your reasons for going.
>> >
>> >So basically I would need one account for surfing, one for
>> >online-banking, ssh(-agent) and other important stuff and an
>> >admin-account. Some accounts I missed?
>> >
>> >I know that's not gonna help, but I feel like there should be a better
>> >way to isolate processes.
>> >
>> >PS: Please don't CC me
>> >
>> >Regards
>> >Sven
>>
>> --
>> This message was sent from my Android mobile phone with K-9 Mail.

--
This message was sent from my Android mobile phone with K-9 Mail.

Re: Dedicated admin account (was Re: Debians security features in comparison to Ubuntu)
Maybe off topic, but IMO one should use an OS booted from DVD or write protected USB Stick for online banking.

On 17 May 2014 18:50:42 CEST, Sven Bartscher wrote:
>On Sun, 18 May 2014 01:36:44 +0900
>Joel Rees wrote:
>
>> >> There are more reasons than the X11 hole to refrain from using your
>> >> admin user to surf the web.
>> >
>> > Just out of curiosity, what are these reasons?
>>
>> Your browser and any plugins, addons, etc. that it loads, including
>> java, flash, java/ecmascript, and, well, any scripting language the
>> browser can be running, for starters.
>>
>> Shoot, if my memory serves me, I seem to remember a class of
>> vulnerabilities that has never really been answered, involving pushing
>> keyboard loggers into the keyboard controller itself.
>>
>> >> If you are worried about needing to find answers to admin problems by
>> >> searching the web, lynx helps somewhat. But I still restrict the
>> >> places I visit with lynx while running as an admin to my search engine
>> >> site, certain subdomains of debian.org, and such.
>> >
>> > I'm not only worried about my admin account.
>> > This is still a big security-hole for non-admins.
>>
>> The web is not safe. If you do internet banking, at least make a
>> separate, dedicated account for that, too. And if you go places where
>> maybe you should not let you go, re-think your reasons for going.
>
>So basically I would need one account for surfing, one for
>online-banking, ssh(-agent) and other important stuff and an
>admin-account. Some accounts I missed?
>
>I know that's not gonna help, but I feel like there should be a better
>way to isolate processes.
>
>PS: Please don't CC me
>
>Regards
>Sven

--
This message was sent from my Android mobile phone with K-9 Mail.

Re: NSA software in Debian
Hi,

they don't need a real backdoor. They just need something that looks like a programming error. Possible buffer overflow, . Whether they themselves contributed the code or not, does not matter for them.

Franz

Bjoern Meier wrote:
>hi,
>
>2014/1/18 Marco Saller :
>> Hey there,
>>
>> I am not sure if this question has been asked or answered yet, please
>> do not mind if I would ask it again.
>> Is it possible that the NSA or other services included investigative
>> software in some Debian packages?
>>
>> Mit freundlichen Grüßen / Best Regards / 谨致问候
>>
>> Marco Saller
>
>if you let this conspiracy out, yes of course it is possible:
>http://en.wikipedia.org/wiki/Security-Enhanced_Linux
>You should always have in mind, that not only one has insight in the
>code.
>Just the Firmware blobs, but I think this too way out of the
>cost–benefit for the NSA.
>But try it. Try to add a Backdoor or a "home telephone" in any of the
>opensource software.
>My guess: you get this thrown back on 80%.
>
>Greetings,
>Björn
>
>
>--
>To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact
>listmas...@lists.debian.org
>Archive:
>http://lists.debian.org/cagmps54aifnk9ye-e-xn8bajanqgedxpms213ljw4bpqled...@mail.gmail.com

--
This message was sent from my Android mobile phone with K-9 Mail.