Re: Dedicated admin account (was Re: Debians security features in comparison to Ubuntu)

2014-05-17 Thread Franz Brandl
May be off topic, but IMO one should use an OS booted from DVD or a
write-protected USB stick for online banking.


On 17 May 2014 18:50:42 CEST, Sven Bartscher 
sven.bartsc...@weltraumschlangen.de wrote:
On Sun, 18 May 2014 01:36:44 +0900
Joel Rees joel.r...@gmail.com wrote:

  There are more reasons than the X11 hole to refrain from using your
  admin user to surf the web.
 
  Just out of curiosity, what are these reasons?
 
 Your browser and any plugins, addons, etc. that it loads, including
 java, flash, java/ecmascript, and, well, any scripting language the
 browser can be running, for starters.
 
 Shoot, if my memory serves me, I seem to remember a class of
 vulnerabilities that has never really been answered, involving pushing
 keyboard loggers into the keyboard controller itself.
 
  If you are worried about needing to find answers to admin problems by
  searching the web, lynx helps somewhat. But I still restrict the
  places I visit with lynx while running as an admin to my search engine
  site, certain subdomains of debian.org, and such.
 
  I'm not only worried about my admin account.
  This is still a big security-hole for non-admins.
 
 The web is not safe. If you do internet banking, at least make a
 separate, dedicated account for that, too. And if you go places where
 maybe you should not let you go, re-think your reasons for going.

So basically I would need one account for surfing, one for
online-banking, ssh(-agent) and other important stuff and an
admin-account. Some accounts I missed?

I know that's not gonna help, but I feel like there should be a better
way to isolate processes.

PS: Please don't CC me

Regards
Sven

-- 
This message was sent from my Android mobile phone with K-9 Mail.

Re: NSA software in Debian

2014-01-18 Thread Franz Brandl
Hi,

they don't need a real backdoor. They just need something that looks like a 
programming error. Possible buffer overflow, . Whether they themselves 
contributed the code or not, does not matter for them.

Franz




Bjoern Meier bjoern.me...@gmail.com wrote:
hi,

2014/1/18 Marco Saller marcosal...@yahoo.de:
 Hey there,

 I am not sure if this question has been asked or answered yet, please do not
 mind if I would ask it again.
 Is it possible that the NSA or other services included investigative software
 in some Debian packages?

 Mit freundlichen Grüßen / Best Regards / 谨致问候

 Marco Saller

if you let this conspiracy out, yes of course it is possible:
http://en.wikipedia.org/wiki/Security-Enhanced_Linux
You should always have in mind, that not only one has insight in the code.
Just the Firmware blobs, but I think this too way out of the cost–benefit for
the NSA.
But try it. Try to add a Backdoor or a home telephone in any of the opensource
software.
My guess: you get this thrown back on 80%.

Greetings,
Björn


--
This message was sent from my Android mobile phone with K-9 Mail.