The time now is Thu 26 Apr 2018, 13:47
All times are UTC - 4 |
Page 1 of 3 [32 Posts] |
Goto page: 1, 2, 3 Next |
Author |
Message |
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Wed 21 Oct 2009, 04:57 Post subject:
Which browser is most secure? |
|
Working on the next version of GROWL
Puppy Browser is enabled for javascript and flash - not so good for security
choices in 4.3.1 package manager include:
gtkmoz
netsurf
skipstone
Would Dillo2 (if available?) be better for security/banking/building worlds biggest net?
[ oops must not reveal secret Lobsterian phishing plans for increasing fish stocks]
Which is the best of the small browsers for security?
_________________ YinYana AI Buddhism
|
Back to top
|
|
 |
trapster

Joined: 28 Nov 2005 Posts: 2106 Location: Maine, USA
|
Posted: Wed 21 Oct 2009, 07:03 Post subject:
|
|
I'm curious, is it only gui browsers that are security risks?
Where does lynx or elinks fit into this?
_________________ trapster
Maine, USA
Asus eeepc 1005HA PU1X-BK
Frugal install: Slacko
Currently using full install: DebianDog
|
Back to top
|
|
 |
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Wed 21 Oct 2009, 07:59 Post subject:
|
|
lynx or elinks do not have javascript or Flash
Javascript is the only problem I have experienced
that is redirects or 'Clickjacking attacks'
You can turn off javascript with Monkeymenu
or Noscript
https://addons.mozilla.org/en-US/seamonkey/addon/722
- however these attacks are annoying more than anything
One did try and convince me that Windows was infected
I of course was not running Windows it was trying to sell
a product for a fault I did not and could not have (no Wine on my system even)
Adblock (part of 4.3.1) disables Flash
which can contain actionscript BUT I have never experienced problems with it
_________________ YinYana AI Buddhism
|
Back to top
|
|
 |
mikeb

Joined: 23 Nov 2006 Posts: 11109
|
Posted: Thu 05 Nov 2009, 07:47 Post subject:
|
|
The integration of internet explorer and other activeX controls on windows were the main catalysts for virus proliferation on the internet. The other route was having lan ports open to the net...135/137/139 (rpc and netbios/samba)
That's about it really...deal with that and life is much better.
mike
|
Back to top
|
|
 |
8-bit

Joined: 03 Apr 2007 Posts: 3425 Location: Oregon
|
Posted: Thu 05 Nov 2009, 10:28 Post subject:
Subject description: keyboard logger |
|
I have an old laptop that dual boots Puppy 421 and Puppy 431.
It was setting idle with a black screen and no applications running.
It had a netlink USB wireless connection to the internet, but no browser running.
I noticed that the activity light on the USB wireless stick was flashing.
When I went to shut it down, just before the screen shut down with the computer, I noticed in the center of the screen a fleeting message.
All it said was "Keyboard Logger".
This is the first time I have ever seen anything like that.
I was also running Puppy 431 on the other computer that was connected to the router physically.
Is this anything to be concerned with?
Remember we are talking about 2 PCs running Puppy 431 here.
|
Back to top
|
|
 |
efiguy

Joined: 06 Sep 2006 Posts: 169
|
Posted: Fri 04 Dec 2009, 13:17 Post subject:
|
|
Hello 8-bit,
I too have noticed my network Icon flashing unexpectedly running Barry's early version, 431 (works fine for the tamed webserver app that I use it for and some browsing) have a download also from ttuuxxx website that is September update to try. Actually posting from Lighthouse in ram Puppy and found your post.
The harddrive version of 431 has Iptable mods and resists GRC probes, Cupsd is turned off. A base hardened Hiawatha is turned on, but there isn't any publication of its IP's and ports, but the PC sets directly off of a Linksys router.
I know that Windows is vulnerable to commercial keyloggers, and presume that Linux should also be, as it is so "network friendly", and the personal using it so much more capable of programming art.
I found a small linux a coupla days ago with a rootkit searching in the menu, it is called Insert-139B or close to that, maybe # is partially wrong,
Went to HD and found name to be INSERT-1.3.9b_en.iso
I booted it in ram, but it was so needful of command line guidance, that I personally could not use it.
As I type here, the network Icon of Lighthouse is inactive, as is the HD lights, I would have concern over your systems, maybe mine too
jay
PS edit,
A thought just occurred to me, reading all the posts on ttuuxxx link where members lament that so many pets have not been updated and errors are continued from puppy version to version, this is a way that mischief might be done, even if the "listener" on the "far end" is long gone - just a thought.
.
|
Back to top
|
|
 |
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Sat 20 Feb 2010, 06:13 Post subject:
|
|
Would you click on this browser link?
http://5z8.info/manhunter_b0c6w_nakedgrandmas.jpg
Yep part of my 'don't fight the paranoia' campaign
_________________ YinYana AI Buddhism
|
Back to top
|
|
 |
nitehawk

Joined: 13 Apr 2008 Posts: 655 Location: West Central Florida
|
Posted: Sun 21 Feb 2010, 12:58 Post subject:
|
|
OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java).
|
Back to top
|
|
 |
DMcCunney
Joined: 02 Feb 2009 Posts: 894
|
Posted: Sun 21 Feb 2010, 18:00 Post subject:
|
|
nitehawk wrote: | OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java). |
Let's be clear on a crucial point. Java and JavaScript are completely unrelated.
Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet,the same way it calls Adobe's Flash player to handle flash.
JavaScript is a light weight, object oriented scripting language, originally written by Brendan Eich for Netscape Navigator 2. (Brendan is now Chief Architect at Mozilla.) It was originally called LiveScript, and was renamed to JavaScript by someone in Netscape marketing to capitalize on the popularity of Sun's then new Java language. This has caused endless confusion in the years since by people who conflate the two. The only thing the two languages have in common is the word Java in the name.
JavaScript has subsequently been implemented by most other browsers, has become an ECMA standard, and is appearing in things that aren't browsers. (Adobe embeds a form called ActionScript in PDFs.)
The main Linux browser I can think of offhand that doesn't support JavaScript is Dillo. (NetSurf and Slipstone may not, but I don't have them installed to look.) Firefox, SeaMonkey, Opera, Midori, and Elinks here all handle JavaScript. Firefox disables some JavaScript functions by default, like the "open unrequested window" function, which is normally used to create popups. The NoScript extension can disable JavaScript entirely (and optionally disable Java, Flash, and Microsoft Silverlight) unless the website is in a user maintained whitelist.
Most websites now use JavaScript, and won't behave correctly unless it is active. Your banking site (and mine) both use it. No banking site I am aware of uses Java (and I can't see a reason offhand why it would need to.) I could disable JavaScript entirely, but won't. Too many places I visit require it.
Many websites, including banking sites, alas, are coded expecting Internet Explorer as the browser, and complain if they don't see it. Generally, Firefox will actually work just fine, as long as the site is coded adhering to current web development standards. There are add-ons for Firefox and SeaMonkey designed to deal with brain dead sites that only think they work with IE by lying. They modify the user agent string sent to the website when they access it to claim the browser is IE rather than Firefox/SeaMonkey. (It's actually been some time since I've had to resort to that sort of trickery to get a site to work. Firefox is now too popular to ignore. )
I haven't had security issues or worries with my banking and credit card sites. All use https to create an encrypted session between me and them when I am accessing account information. I don't worry about being compromised when I am accessing it.
______
Dennis
|
Back to top
|
|
 |
xman

Joined: 24 Sep 2009 Posts: 144
|
Posted: Mon 12 Apr 2010, 15:49 Post subject:
|
|
DMcCunney wrote: | Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet, the same way it calls Adobe's Flash player to handle flash. |
Father of Java, James Gosling, follows a number of other noted ex-Sun employees out the door since Oracle's purchase of the company was finalized in January.
After news, something about insecure browsing. Google researcher Tavis Ormandy has published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer. The flaw affects all versions since Java SE 6 update 10 for Microsoft Windows and Linux (http://seclists.org/bugtraq/2010/Apr/80).
Many researchers are talking about serious Java bug, but Oracle don't consider this vulnerability to be critical, which could be a mistake on their part as that means it won't be patched until the next patch in the cycle is released – which should be around July.
|
Back to top
|
|
 |
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Wed 05 May 2010, 03:46 Post subject:
|
|
Access all areas - go to all URL's
http://lifehacker.com/5516305/top-10-ways-to-access-blocked-stuff-on-the-web
_________________ YinYana AI Buddhism
|
Back to top
|
|
 |
xman

Joined: 24 Sep 2009 Posts: 144
|
Posted: Tue 19 Oct 2010, 12:03 Post subject:
Subject description: Have you checked the Java? |
|
Are you experiencing your browser unstable? Have you Java? Is your Java up to date? Many questions, but there is a reason for them. The number of Java exploit attempts increased sharply in summer (http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx).
|
Back to top
|
|
 |
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Tue 19 Oct 2010, 15:51 Post subject:
|
|
http://puppylinux.org/wikka/JavaRuntimeEnvironment
Coolpup has just repackaged java
Midori in Lucid 5.2 warns that it may be a security risk if used as
a connect to web browser (it is used internally as a HTML reader)
- is it a risk? Can it be hardened?
What about Iron (secure Chrome) 2 versions are available in the
Lucid 5.2 package manager - check it out
http://en.wikipedia.org/wiki/SRWare_Iron
Check them all with Wireshark
http://murga-linux.com/puppy/viewtopic.php?p=111787#111787
_________________ YinYana AI Buddhism
|
Back to top
|
|
 |
Lobster
Official Crustacean

Joined: 04 May 2005 Posts: 15238 Location: Paradox Realm
|
Posted: Mon 31 Jan 2011, 23:53 Post subject:
|
|
900 million IE users compromised
http://www.bbc.co.uk/news/technology-12325139
_________________ YinYana AI Buddhism
Last edited by Lobster on Wed 02 Feb 2011, 01:07; edited 1 time in total
|
Back to top
|
|
 |
ttuuxxx

Joined: 05 May 2007 Posts: 11193 Location: Ontario Canada,Sydney Australia
|
Posted: Tue 01 Feb 2011, 18:32 Post subject:
|
|
I would say the latest Firefox 4, without flash and java. Firefox is updated 10 to 1 compared to Seamonkey, the guys at Seamonkey just monkey around most the time, lol
I don't think any other browser is updated/patched and tested for security leaks as much as Firefox.
ttuuxxx
_________________ http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games 
|
Back to top
|
|
 |
|
Page 1 of 3 [32 Posts] |
Goto page: 1, 2, 3 Next |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|