AtomicPup-Nucleus
8Geee


Joined: 12 May 2008
Posts: 2098
Location: N.E. USA

Posted: Mon 06 May 2019, 09:34    Post subject: AtomicPup-Nucleus
Subject description: 123Mb ISO

One of my recent 'little' projects was to experiment using a small browser that's easier on the old Atom N270 found in most netbooks (remember them?). I had a wow moment recently when OscarTalks linked-up the new version of Netsurf (v. 3.8-Slack 14.0). Just a browser-delta is amazing. AtomicPup-XIX shrank from 152 --> 123Mb ISO, and 460Mb --> 375Mb usage with the FreeOffice intact. And netsurf is Lightning compared to FF27. Just a bit quirky, but using geany to erase URL-history and Cookies works. When I punch-up Geany, there are now 4 files to check, the CUPS error log, the Recent Use xbel, and the two Netsurf files. I can handle that... easy maintenance, clean after use.

Now, in fairness, there are caveats to the simplicity. I would NOT do passwords for personal information purposes such as banking/shopping. A lot of stuff (especially 'buttons'), may not work. But I have found a few places of general interest, including regional weather, and YouTube, with D/L converter site (FORGET streaming).

In a word "useable", and another word "small".

Regards
8Geee

_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
8Geee
Posted: Tue 04 Jun 2019, 16:08    Post subject: free wifi and gen. security

As an update to the first post, I have used this pup a bit and can confirm a few things.

1.) Free Wifi usually comes with an 'acceptance page' with a button to connect/accept the terms and privacy. Two main sources McD's and Dunkin' cannot connect due to the missing button. Strongly believe this scripted button not allowed in Netsurf3.8... does not appear.

2.) Going to Qualys dot com for the Client-Side test revealed that SSL3, TLS1.0, and TLS1.1 security certs are installed and may be called. I find this unacceptable in 2019, with even certain TLS1.2 certs being compromised.

3.) Based on these two faults, I have decided NOT to release this spin.

Regards
8Geee

belham2

Joined: 15 Aug 2016
Posts: 1707

Posted: Wed 05 Jun 2019, 03:42    Post subject: Re: free wifi and gen. security

8Geee wrote:


2.) Going to Qualys dot com for the Client-Side test revealed
8Geee




Hi 8Geee,

Just curious (I know we both heavily change settings in Firefox to make it more secure and have been trying, over the years, to encourage others to do the same in the "Security" section on Murga here), is this what ssllabs spits back when you run a test on your browser setup:

***********************************************************
SSL/TLS Capabilities of Your Browser


Protocol Support
Your user agent has good protocol support.
Your user agent supports TLS 1.2, which is recommended protocol version at the moment. Experimental: Your user agent supports TLS 1.3.

Logjam Vulnerability

Your user agent is not vulnerable.

FREAK Vulnerability

Your user agent is not vulnerable.

POODLE Vulnerability

Your user agent is not vulnerable.


Protocol Features

Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No

Cipher Suites (in order of preference)
TLS_AES_128_GCM_SHA256 (0x1301) Forward Secrecy 128
TLS_CHACHA20_POLY1305_SHA256 (0x1303) Forward Secrecy 256
TLS_AES_256_GCM_SHA384 (0x1302) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Forward Secrecy 256


Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling Yes
Signature algorithms SHA256/ECDSA, SHA384/ECDSA, SHA512/ECDSA, RSA_PSS_SHA256, RSA_PSS_SHA384, RSA_PSS_SHA512, SHA256/RSA, SHA384/RSA, SHA512/RSA, SHA1/ECDSA, SHA1/RSA
Named Groups x25519, secp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072
Next Protocol Negotiation No
Application Layer Protocol Negotiation Yes h2 http/1.1
SSL 2 handshake compatibility No


Mixed Content Handling

Mixed Content Tests
Images Passive Yes
CSS Active No
Scripts Active No
XMLHttpRequest Active No
WebSockets Active No
Frames Active No

Related Functionality
Upgrade Insecure Requests request header (more info) Yes
**********************************************************

The three that I am uncertain on are the ones (two) I highlighted in blue and (one) in red. Should those two blue ones be coming back "yes"? If so, what settings in about:config should I change?

Same goes for the red one: how can I get that flipped & stay "No"? Since images are a main attack vector for malware when surfing around the Net, I would imagine having "Image" set passive isn't the best posture/setting. But I am uncertain what to change in about:config to make this a constant "No". Everything I've tried has broken the display of images on many sites.
8Geee
Posted: Wed 05 Jun 2019, 16:48    Post subject:

Using netsurf3.8-Slackware14.0 pet, I do not see the vulnerability tests at all, and the list includes several weak schemes of TLS1.1, 1.0, and SSL3. This is from memory, and I will connect again, and repost/edit to confirm. AFAIK, the "about config" stuff is locked out here. Based upon Oscar's pet without deltas.

Regards
8Geee

8Geee
Posted: Wed 05 Jun 2019, 17:41    Post subject: Results of Netsurf3.8 at Qualys Client Test

OK, got it copied/pasted. It's long and rather poor IMHO.



Protocols
TLS 1.3 No
TLS 1.2 Yes*
TLS 1.1 Yes*
TLS 1.0 Yes*
SSL 3 Yes*
SSL 2 No

Cipher Suites (in order of preference)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)  WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)   Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)  WEAK 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)  WEAK 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)  WEAK 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)  WEAK 256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)  WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)  WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)  WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)  WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)  WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  WEAK 128
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff) -
(1) When a browser supports SSL 2, its SSL 2-only suites are shown only on the very first connection to this site. To see the suites, close all browser windows, then open this exact page directly. Don't refresh.

Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets Yes
OCSP stapling No
Signature algorithms SHA512/RSA, SHA512/DSA, SHA512/ECDSA, SHA384/RSA, SHA384/DSA, SHA384/ECDSA, SHA256/RSA, SHA256/DSA, SHA256/ECDSA, SHA224/RSA, SHA224/DSA, SHA224/ECDSA, SHA1/RSA, SHA1/DSA, SHA1/ECDSA
Named Groups secp256r1, secp521r1, brainpoolP512r1, brainpoolP384r1, secp384r1, brainpoolP256r1, secp256k1, sect571r1, sect571k1, sect409k1, sect409r1, sect283k1, sect283r1
Next Protocol Negotiation Yes
Application Layer Protocol Negotiation No
SSL 2 handshake compatibility No

regards
8Geee

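The two client-test pastes in this thread can be compared mechanically. The following is an added example, not part of the original posts: a Python parser for the text layout of the pasted report that flags SSL 3 / TLS 1.0 / TLS 1.1, a missing TLS 1.3, non-AEAD suites and suites without forward secrecy. The sample input is a constructed excerpt of the NetSurf 3.8 paste above, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines excerpted from the NetSurf 3.8 results in this thread.
SAMPLE = """\
Protocols
TLS 1.3 No
TLS 1.2 Yes*
TLS 1.1 Yes*
TLS 1.0 Yes*
SSL 3 Yes*
Cipher Suites (in order of preference)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)  WEAK 128
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff) -
"""

PROTO_RE = re.compile(r"^(TLS 1\.[0-3]|SSL [23])\s+(Yes|No)\*?\s*$")
SUITE_RE = re.compile(r"^(TLS_[A-Z0-9_]+)\s+\((0x[0-9a-f]+)\)")
LEGACY = ("SSL 2", "SSL 3", "TLS 1.0", "TLS 1.1")

def parse_report(text):
    """Return ({protocol: enabled}, [suite names in preference order])."""
    protocols, suites = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := PROTO_RE.match(line):
            protocols[m.group(1)] = m.group(2) == "Yes"
        elif (m := SUITE_RE.match(line)) and not m.group(1).endswith("_SCSV"):
            suites.append(m.group(1))  # SCSV entries are signalling values, not ciphers
    return protocols, suites

def audit(text):
    """List findings: legacy protocol versions, non-AEAD suites, no forward secrecy."""
    protocols, suites = parse_report(text)
    findings = [f"legacy protocol enabled: {p}" for p in LEGACY if protocols.get(p)]
    if not protocols.get("TLS 1.3"):
        findings.append("TLS 1.3 not offered")
    for s in suites:
        aead = "_GCM_" in s or "CHACHA20_POLY1305" in s or "_CCM" in s
        # TLS 1.3 suite names carry no key exchange ("_WITH_" absent); it is always (EC)DHE.
        fs = "_WITH_" not in s or s.startswith(("TLS_ECDHE_", "TLS_DHE_"))
        if not aead:
            findings.append(f"non-AEAD suite: {s}")
        if not fs:
            findings.append(f"no forward secrecy: {s}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pasting either full report from the thread into `audit()` gives a line-by-line list of what separates the two browser configurations.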