'Extreme Security' Web Browsing
Sarah S writes "The application security researcher Jeremiah Grossman described to CSO magazine how he takes extreme measures to stay safe online. The simplest tip he uses: two separate browsers: 'One, which he calls the 'promiscuous' browser, is the one he uses for ordinary browsing. A second browser is used only for security-critical tasks such as online banking. When Grossman wants to do online banking, he closes his promiscuous browser, opens the more prudish one, and does only what he has to do before closing it and going back to his insecure browser.'"
You're correct, it's not.
Unless the second browser is on a knoppix cd...
Acid House saves Souls
They are called "zones": put sites you trust in "trusted sites" and ones you don't in "restricted". You can configure each of the zones' (there are 5 but only 4 visible) security settings to however paranoid or trusting you are of the sites you visit. Each setting is independent, e.g. turn off script on normal internet surfing but only allowing certain sites to use
Mozilla. It's probably an older version by now, but the Mozilla browser used to (possibly still does) have a setting which you could specify that only images from the original page would be loaded -- cuts out quite a few ads.
Given Firefox's pedigree, I'd be willing to bet that about:config has some setting which allows this, but I can't say what it might be. Mayhaps some helpful soul will respond and say what the setting would be.
Cheers
Lost at C:>. Found at C.
VMware player is open source:
http://www.vmware.com/products/player/
It also has a secure browsing "virtual appliance," or virtual machine with software pre-installed:
http://www.vmware.com/appliances/directory/browserapp.html
The software is open-source.
technical writing / development
What you can do instead of using multiple browsers is use separate Firefox profiles using MOZ_NO_REMOTE=1. I explain this technique in a blog entry, "Using multiple Firefox profiles simultaneously to guard against CSRF attacks".
This technique would almost be equivalent to using multiple browsers, and I don't know why Jeremiah hasn't caught onto it. I and several others have been proposing others do the same for a while now. You can further enhance the security by running different Firefox profiles under different users. I included links to what others like Joanna Rutkowska do on Vista with IE7, Firefox, and Thunderbird.
You wouldn't need to use two different browsers, I believe, just two different 'users' on firefox, with two different firefox profiles. It's easy to set up new profiles using firefox's profile manager (under Windows: firefox.exe --profilemanager). This brings along a whole different set of cookies for the different user. (Being logged on to a site as one user would not carry over simultaneously to the other user.)
Just double-click the desktop icon for the 'secure' user before doing online banking, etc., then close that user's firefox session when done.
Of course, this is just aimed at CSRF attacks (discussed by TFA), and doesn't address any of the concerns about keyloggers, etc. expressed in the posts above....
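The separate-profile setup described in the two comments above, as an added example that is not part of the original thread: a POSIX shell launcher that gives the sensitive session its own owner-only profile directory and starts it with MOZ_NO_REMOTE=1. It assumes `firefox` is on PATH and uses the `-profile <dir>` option rather than the profile manager; the `banking` name, the `PROFILE_ROOT` variable and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes firefox is on PATH.
# The profile name and the PROFILE_ROOT default are illustrative.

# Accept only simple names so a name cannot escape the profile root.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create the profile directory with owner-only access and print its path.
ensure_profile_dir() {
    valid_name "$1" || return 1
    root="${PROFILE_ROOT:-$HOME/.ff-isolated}"
    dir="$root/$1"
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Start a separate Firefox process on that directory. MOZ_NO_REMOTE=1 keeps
# it from attaching to an already running instance and its cookies.
launch_isolated() {
    dir=$(ensure_profile_dir "$1") || {
        echo "invalid profile name: $1" >&2
        return 1
    }
    MOZ_NO_REMOTE=1 firefox -profile "$dir" &
}

# Usage: sh isolated-firefox.sh banking
if [ -n "${1:-}" ]; then
    launch_isolated "$1"
fi
```

Close the window when the sensitive task is finished, so the logged-in session lives only in that profile and only for that time.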
And use a tool like Password Asterisk Viewer (free from http://www.lostpassword.com/) to extract those asterisks... if a simple tool like this can do it, surely a sophisticated keylogger can have the same capability built in.
~REZ~ #43301. Who'd fake being me anyway?
about:config filter using image
permissions.default.image
Set to 3 blocks third party images.
Set to 1 to reset to all images.
Speak for yourself, my bank supplied me and all their online banking customers with a card reader. I believe all other major competitors in the UK banking sector do similar things.