Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 26 Oct 2014, 02:04
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Which browser is most secure?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 3 Posts_count   Goto page: 1, 2, 3 Next
Author Message
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 21 Oct 2009, 04:57    Post_subject:  Which browser is most secure?  

Working on the next version of GROWL

Puppy Browser is enabled for javascript and flash - not so good for security Crying or Very sad

choices in 4.3.1 package manager include:
gtkmoz
netsurf
skipstone
Would Dillo2 (if available?) be better for security/banking/building worlds biggest net?
[ Embarassed oops must not reveal secret Lobsterian phishing plans for increasing fish stocks] Wink

Which is the best of the small browsers for security?

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
trapster


Joined: 28 Nov 2005
Posts: 2009
Location: Maine, USA

PostPosted: Wed 21 Oct 2009, 07:03    Post_subject:  

I'm curious, is it only gui browsers that are security risks?
Where does lynx or elinks fit into this?

_________________
trapster
Maine, USA

Asus eeepc 1005HA PU1X-BK
Frugal install: Puppeee4.31 + 1.0, Puppy4.10 + Lupu52
Currently using Slacko AND lupu52 w/ fluxbox
Back to top
View user's profile Send_private_message Visit_website 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 21 Oct 2009, 07:59    Post_subject:  

lynx or elinks do not have javascript or Flash

Javascript is the only problem I have experienced
that is redirects or 'Clickjacking attacks'
You can turn off javascript with Monkeymenu
or Noscript
https://addons.mozilla.org/en-US/seamonkey/addon/722
- however these attacks are annoying more than anything
One did try and convince me that Windows was infected
I of course was not running Windows it was trying to sell
a product for a fault I did not and could not have (no Wine on my system even)

Adblock (part of 4.3.1) disables Flash
which can contain actionscript BUT I have never experienced problems with it

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
mikeb


Joined: 23 Nov 2006
Posts: 8368

PostPosted: Thu 05 Nov 2009, 07:47    Post_subject:  

The integration of internet explorer and other activeX controls on windows were the main catalysts for virus proliferation on the internet. The other route was having lan ports open to the net...135/137/139 (rpc and netbios/samba)
That's about it really...deal with that and life is much better.

mike
Back to top
View user's profile Send_private_message 
8-bit


Joined: 03 Apr 2007
Posts: 3385
Location: Oregon

PostPosted: Thu 05 Nov 2009, 10:28    Post_subject:
Sub_title: keyboard logger
 

I have an old laptop that dual boots Puppy 421 and Puppy 431.
It was setting idle with a black screen and no applications running.
It had a netlink USB wireless connection to the internet, but no browser running.
I noticed that the activity light on the USB wireless stick was flashing.
When I went to shut it down, just before the screen shut down with the computer, I noticed in the center of the screen a fleeting message.
All it said was "Keyboard Logger".
This is the first time I have ever seen anything like that.
I was also running Puppy 431 on the other computer that was connected to the router physically.
Is this anything to be concerned with?
Remember we are talking about 2 PCs running Puppy 431 here.
Back to top
View user's profile Send_private_message 
efiguy


Joined: 06 Sep 2006
Posts: 169

PostPosted: Fri 04 Dec 2009, 13:17    Post_subject:  

Hello 8-bit,

I too have noticed my network Icon flashing unexpectedly running Barry's early version, 431 (works fine for the tamed webserver app that I use it for and some browsing) have a download also from ttuuxxx website that is September update to try. Actually posting from Lighthouse in ram Puppy and found your post.

The harddrive version of 431 has Iptable mods and resists GRC probes, Cupsd is turned off. A base hardened Hiawatha is turned on, but there isn't any publication of its IP's and ports, but the PC sets directly off of a Linksys router.

I know that Windows is vulnerable to commercial keyloggers, and presume that Linux should also be, as it is so "network friendly", and the personal using it so much more capable of programming art.

I found a small linux a coupla days ago with a rootkit searching in the menu, it is called Insert-139B or close to that, maybe # is partially wrong,
Went to HD and found name to be INSERT-1.3.9b_en.iso

I booted it in ram, but it was so needful of command line guidance, that I personally could not use it.
As I type here, the network Icon of Lighthouse is inactive, as is the HD lights, I would have concern over your systems, maybe mine too

jay

PS edit,
A thought just occurred to me, reading all the posts on ttuuxxx link where members lament that so many pets have not been updated and errors are continued from puppy version to version, this is a way that mischief might be done, even if the "listener" on the "far end" is long gone - just a thought.
.
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Sat 20 Feb 2010, 06:13    Post_subject:  

Would you click on this browser link?
http://5z8.info/manhunter_b0c6w_nakedgrandmas.jpg

Shocked
Yep part of my 'don't fight the paranoia' campaign

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
nitehawk


Joined: 13 Apr 2008
Posts: 538
Location: West Central Florida

PostPosted: Sun 21 Feb 2010, 12:58    Post_subject:  

OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java).
Back to top
View user's profile Send_private_message 
DMcCunney

Joined: 02 Feb 2009
Posts: 897

PostPosted: Sun 21 Feb 2010, 18:00    Post_subject:  

nitehawk wrote:
OK,...Netsurf and Slipstone don't have (am I right?) java or flash? I've used Midori (I likey)....but it has flash enabled (not java, though). But don't a lot of the banking (I'm thinking PayPal, too) require the use of java and/or flash? For instance,..even when I use the very latest FireFox,..my bank's "secure" website fusses at me for not using IE!!! (Firefox works, though,..just don't know how secure it really is...and the banking website has some stuff that only work with java).

Let's be clear on a crucial point. Java and JavaScript are completely unrelated.

Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet,the same way it calls Adobe's Flash player to handle flash.

JavaScript is a light weight, object oriented scripting language, originally written by Brendan Eich for Netscape Navigator 2. (Brendan is now Chief Architect at Mozilla.) It was originally called LiveScript, and was renamed to JavaScript by someone in Netscape marketing to capitalize on the popularity of Sun's then new Java language. This has caused endless confusion in the years since by people who conflate the two. The only thing the two languages have in common is the word Java in the name.

JavaScript has subsequently been implemented by most other browsers, has become an ECMA standard, and is appearing in things that aren't browsers. (Adobe embeds a form called ActionScript in PDFs.)

The main Linux browser I can think of offhand that doesn't support JavaScript is Dillo. (NetSurf and Slipstone may not, but I don't have them installed to look.) Firefox, SeaMonkey, Opera, Midori, and Elinks here all handle JavaScript. Firefox disables some JavaScript functions by default, like the "open unrequested window" function, which is normally used to create popups. The NoScript extension can disable JavaScript entirely (and optionally disable Java, Flash, and Microsoft Silverlight) unless the website is in a user maintained whitelist.

Most websites now use JavaScript, and won't behave correctly unless it is active. Your banking site (and mine) both use it. No banking site I am aware of uses Java (and I can't see a reason offhand why it would need to.) I could disable JavaScript entirely, but won't. Too many places I visit require it.

Many websites, including banking sites, alas, are coded expecting Internet Explorer as the browser, and complain if they don't see it. Generally, Firefox will actually work just fine, as long as the site is coded adhering to current web development standards. There are add-ons for Firefox and SeaMonkey designed to deal with brain dead sites that only think they work with IE by lying. They modify the user agent string sent to the website when they access it to claim the browser is IE rather than Firefox/SeaMonkey. (It's actually been some time since I've had to resort to that sort of trickery to get a site to work. Firefox is now too popular to ignore. Razz)

I haven't had security issues or worries with my banking and credit card sites. All use https to create an encrypted session between me and them when I am accessing account information. I don't worry about being compromised when I am accessing it.
______
Dennis
Back to top
View user's profile Send_private_message 
xman


Joined: 24 Sep 2009
Posts: 145

PostPosted: Mon 12 Apr 2010, 15:49    Post_subject:  

DMcCunney wrote:
Java is a language created by Dr. James Gosling at Sun Microsystems, designed to be "Write once, run anywhere". Compiled Java code will run on any machine with a Java Virtual Machine installed, regardless of what you built it on. You can write Java on a PC and run it on Linux. Some websites embed Java applets, though they are rare. If you have Java installed on your machine, the browser calls Java as a plugin to handle the applet, the same way it calls Adobe's Flash player to handle flash.

Father of Java, James Gosling, follows a number of other noted ex-Sun employees out the door since Oracle's purchase of the company was finalized in January.

After news, something about insecure browsing. Google researcher Tavis Ormandy has published details of a Java virtual machine bug that could be used to run unauthorized programs on a computer. The flaw affects all versions since Java SE 6 update 10 for Microsoft Windows and Linux (http://seclists.org/bugtraq/2010/Apr/80).

Many researchers are talking about serious Java bug, but Oracle don't consider this vulnerability to be critical, which could be a mistake on their part as that means it won't be patched until the next patch in the cycle is released – which should be around July.
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Wed 05 May 2010, 03:46    Post_subject:  

Access all areas - go to all URL's
http://lifehacker.com/5516305/top-10-ways-to-access-blocked-stuff-on-the-web

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
xman


Joined: 24 Sep 2009
Posts: 145

PostPosted: Tue 19 Oct 2010, 12:03    Post_subject:
Sub_title: Have you checked the Java?
 

Are you experiencing your browser unstable? Have you Java? Is your Java up to date? Many questions, but there is a reason for them. The number of Java exploit attempts increased sharply in summer (http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx).
Back to top
View user's profile Send_private_message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 19 Oct 2010, 15:51    Post_subject:  

http://puppylinux.org/wikka/JavaRuntimeEnvironment

Coolpup has just repackaged java
Midori in Lucid 5.2 warns that it may be a security risk if used as
a connect to web browser (it is used internally as a HTML reader)
- is it a risk? Can it be hardened?
What about Iron (secure Chrome) 2 versions are available in the
Lucid 5.2 package manager - check it out
http://en.wikipedia.org/wiki/SRWare_Iron

Check them all with Wireshark
http://murga-linux.com/puppy/viewtopic.php?p=111787#111787

_________________
Puppy WIKI
Back to top
View user's profile Send_private_message Visit_website 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Mon 31 Jan 2011, 23:53    Post_subject:  

900 million IE users compromised
http://www.bbc.co.uk/news/technology-12325139

_________________
Puppy WIKI

Edited_time_total
Back to top
View user's profile Send_private_message Visit_website 
ttuuxxx


Joined: 05 May 2007
Posts: 10831
Location: Ontario Canada,Sydney Australia

PostPosted: Tue 01 Feb 2011, 18:32    Post_subject:  

I would say the latest Firefox 4, without flash and java. Firefox is updated 10 to 1 compared to Seamonkey, the guys at Seamonkey just monkey around most the time, lol
I don't think any other browser is updated/patched and tested for security leaks as much as Firefox.
ttuuxxx

_________________
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games Smile
Back to top
View user's profile Send_private_message Visit_website 
Display_posts:   Sort by:   
Page 1 of 3 Posts_count   Goto page: 1, 2, 3 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0957s ][ Queries: 12 (0.0079s) ][ GZIP on ]