'Extreme Security' Web Browsing
Sarah S writes "The application security researcher Jeremiah Grossman described to CSO magazine how he takes extreme measures to stay safe online. The simplest tip he uses: two separate browsers: 'One, which he calls the 'promiscuous' browser, is the one he uses for ordinary browsing. A second browser is used only for security-critical tasks such as online banking. When Grossman wants to do online banking, he closes his promiscuous browser, opens the more prudish one, and does only what he has to do before closing it and going back to his insecure browser.'"
While I do understand what is being said about using two browsers, me personally, I would find that annoying... I only use Firefox... And opening and closing it to open say Opera or IE... that would get annoying after a while when I know there are products out there that can help protect your data while doing online banking. Speaking of which, I have been doing that since 2000 when I graduated from high school and ventured into the real world without any issues... How many of you actually use two separate browsers as described here, I am just wondering...
-- Josh
"Whoopie! Man, that may have been a small one for Neil, but that's a long one for me!" - Pete Conrad
For more secure browsing and e-banking (at our house), we keep Knoppix CDs and DVDs beside our computers and boot with that.
That'd help.
Unless somebody really wants your data
If you want *secure*, you can boot the anonym.os LiveCD, which, while a bit out-of-date, has some good anonymization tools as well.
Or, as others have suggested, a dedicated virtual machine which can revert its state at shutdown, so you know there won't be any nasties lurking even in the sandbox.
Hail Eris, full of mischief...
E pluribus sanguinem
And the problem is?
It is safe to write down passwords. We are good at keeping bits of paper safe. That is what a wallet is for.
I do exactly the opposite.
I use my paranoid-secure browser when I visit random sites (like clicking on Google results), which constitutes the vast majority of my browsing.
I use my "insecure" browser to give me more functionality when I visit sites that I trust the most. (Actually, I am sometimes forced to use my "insecure" browser in this case because the site might require me to enable JavaScript (or whatever) in order to log in.)
I think it's fascinating that he does just the opposite of me, and he somehow thinks that it's "more secure".
This will just cause people to write down their passwords.
And what, exactly, is wrong with this? Bruce Schneier offers the following wisdom:
I write my passwords down. There's this rampant myth that you shouldn't write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
Wow. Sounds like you put a lot of personal perspective into your post. My wife goes for more porn online than I do by a long-shot, so I don't worry about my browser history too much.
The question for me is:
Why do online banking?
My bank had a poster in the lobby stating that they used "state of the art" security measures to protect their online banking customers. I reflected on the state of the art and wondered why anyone would trust their money with online banking. For me the risk / convenience just doesn't work out. My electronic banking is limited to checking balances and cleared checks by phone. I know my account number and password are transmitted in cleartext (clearbeeps), but access to the phone network is reasonably limited and the phone access system doesn't allow transfers to anywhere but my other accounts. I'm curious what benefit other people feel they get from online banking.
I'm a little troubled by the security researcher's online banking ritual. It's not that it doesn't make sense technically and help protect against a class of attacks. It just feels wrong. It feels like he is performing a ritual to reassure himself before doing his online banking, which he clearly has reservations about. He does not discuss any other measures he takes to secure his system.
Those who talk about booting off a live CD such as Knoppix sound a little more sensible to me, as the integrity of the system is pretty well ensured. This isn't an approach that scales well to the general public, though, for reasons of convenience and knowledge. It involves education about the risks, downloading and burning an ISO and sometimes fiddling with BIOS settings - not something that the bank is likely to ask users to do. A bootable read-only flash drive might simplify things, though. Maybe a security minded bank would distribute bootable read-only flash drives with built-in password-generating fob. Plug in, boot, see browser window already pointing to your bank's site with secure connection. Type in account number from a card, password from memory and number from fob. Now I want to know how you would break this system. Let the replies begin...
-Jon
That's a fair point - it's much more difficult to beef up security if the user is blind. My bank (LloydsTSB) uses the drop down list method to enter three characters from my super-secret password (you need a normal userid and password to get to that screen), so I imagine that screen readers would be able to speak the current letter/number and of course you can use up/down cursor keys to use the drop down list.
You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
It's pretty easy to securely store a bunch of passwords on a piece of paper. A friend / co-worker I knew had a book of poetry. He'd pick a page out of the book for every security contract, and take passwords out of rows & columns of letters. I thought this was a good idea, but it's weak in that it only gives letters, no numbers or funny characters.
First, print out a block of random (as random as possible, anyway) characters onto a business card. Then, any time you need a new password, pick a starting point, direction, and number of characters -- this can be represented with 5 numbers. Now's where it gets tricky -- you don't want to write those numbers down, but you want to be able to remember them -- construct an invertible function, run the numbers through that function, and write the result down on the back of the business card.
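The card scheme in the comment above, as an added example that is not part of the original post. The card size, the character set, and the choice of an affine map modulo 97 as the invertible function (with memorised constants `a` and `b`) are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+?"
P = 97  # prime modulus; every locator value must lie in -48..48


def make_card(rows=8, cols=20):
    """Fill a card (size is an assumption) from the OS CSPRNG."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(cols))
            for _ in range(rows)]


def read_password(card, row, col, d_row, d_col, length):
    """Walk from (row, col) in direction (d_row, d_col), wrapping at the edges."""
    if (d_row, d_col) == (0, 0):
        raise ValueError("direction must move off the starting cell")
    rows, cols = len(card), len(card[0])
    return "".join(card[(row + i * d_row) % rows][(col + i * d_col) % cols]
                   for i in range(length))


def encode(locator, a, b):
    """Affine map y = a*x + b (mod P); a and b are the memorised part."""
    if a % P == 0:
        raise ValueError("a must be invertible mod P")
    return [(a * x + b) % P for x in locator]


def decode(written, a, b):
    """Invert encode(): x = (y - b) * a^-1 (mod P), mapped back to signed values."""
    inv = pow(a, -1, P)  # modular inverse, Python 3.8+
    values = [((y - b) * inv) % P for y in written]
    return [v - P if v > P // 2 else v for v in values]


if __name__ == "__main__":
    card = make_card()
    locator = [2, 3, -1, 1, 12]           # row, col, d_row, d_col, length
    written = encode(locator, a=5, b=11)  # goes on the back of the card
    print("\n".join(card))
    print("written on the back:", written)
    print("password:", read_password(card, *decode(written, a=5, b=11)))
```

The affine map only obscures the five numbers; the strength of the resulting password comes from the random card and from keeping the card itself private.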
Similar here as well.
I have a VM that is set up to not save any changes when it shuts down. So it functions just like a LiveCD except it is fully customizable. If I wanted to make changes (such as windows update) I can change the disk settings to persist, update, shut down and then change the settings back.
Doesn't help if the person is an idiot and gives out his CC number to anyone that asks for it though.
Exactly. This is the stupidest thing I have ever heard of. I used my promiscuous penis to screw a hooker, got herpes, then came home and put on my virgin penis for my wife/gf/whatever. She doesn't have to touch the same penis that the hooker was all over, but I still have herpes.
Or the bad car analogy. I tied a tow-line from my Nova to my Porsche. What I didn't consider is that when someone steals the Nova, they get the Porsche with it. And when I drove the Nova off a cliff, the Porsche went with it.
This guy is apparently talking about a specific type of attack, Cross Site Request Forgery (CSRF). The only reason he's doing this is so that he is only authenticated to the secure site while the second browser is running. You could have the same effect in a single browser by using the "delete cookies and temp files when I close my browser" setting, and closing the browser before and after going to a secure site. Once I realized he was only protecting himself against one type of attack, it made sense, but using two different browsers seems like a really clunky way of doing it. And by clunky I mean ignorant.
Too bad comments are disabled on the article or we could explain what they failed to clarify for the reader, and what they failed to ask the random bloke they interviewed.
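A toy model of the point made in the comment above, added here as an example and not part of the original post: cookies are ambient credentials scoped to one browser's cookie jar, so a cross-site request only carries the bank session if it is sent by the browser that holds it. The `Bank` and `Browser` classes and the host name are constructed for illustration.

```python
import secrets


class Bank:
    """Constructed stand-in for a site that authenticates by session cookie only."""
    host = "bank.example"

    def __init__(self):
        self.sessions = set()

    def login(self):
        sid = secrets.token_hex(8)
        self.sessions.add(sid)
        return sid

    def transfer(self, cookies):
        # No CSRF token or Origin check: any request carrying the cookie is honoured.
        return cookies.get("sid") in self.sessions


class Browser:
    """One cookie jar per browser; cookies ride along on every request to their host."""

    def __init__(self, clear_on_close=False):
        self.jar = {}
        self.clear_on_close = clear_on_close

    def log_in(self, bank):
        self.jar[bank.host] = {"sid": bank.login()}

    def close(self):
        if self.clear_on_close:
            self.jar.clear()

    def cross_site_request(self, bank):
        """A request that a third-party page causes this browser to send to the bank."""
        return bank.transfer(self.jar.get(bank.host, {}))


def scenarios():
    """Return whether the cross-site request is honoured in each setup."""
    bank, results = Bank(), {}
    single = Browser()
    single.log_in(bank)
    results["one browser, still logged in"] = single.cross_site_request(bank)
    banking, everyday = Browser(), Browser()
    banking.log_in(bank)
    results["two browsers"] = everyday.cross_site_request(bank)
    wiped = Browser(clear_on_close=True)
    wiped.log_in(bank)
    wiped.close()
    results["one browser, cookies cleared on close"] = wiped.cross_site_request(bank)
    return results
```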
Keyloggers can be installed at a variety of levels. They can be installed at a hardware level if someone has physical access to your machine. In software, they can be installed anywhere from the kernel level to the level of a specific application like IE. One of the most likely kinds of keyloggers for the average user to run into is the spyware/trojan browser redirect variety. These are browser-specific and will only capture what you do in that specific browser. Using separate browsers will protect you somewhat against that one kind of keylogger.
I had an incident a few years back where one of the end users I support got infected with an IE specific keylogger trojan. It quickly became apparent because the machine was using a restricted IP address which requires proxy access with a login to reach sites outside the LAN. IE started asking for a login to the proxy server even when the user was only browsing internal sites. It took some investigation to figure out what had happened but we discovered the trojan and how its activity sending keylogger data to an outside site was what was triggering the unexpected proxy login requests.
Actually, online banking has *never* implemented two-factor verification. It's just a bunch of different things that you know - password, mom's maiden name, first pet's name, etc.
At best, they can only use this weird pseudo-2-factor thing where there's one thing you know, that others may try to obtain through various technological means - your password - and then another thing that they just kind of figger that nobody but you will probably know, and that those same "others" who may have obtained your password through technological means, won't be able to get (security questions, etc.).
Online banking won't be able to implement 2-factor verification until card readers, or some other method to verify that you have something in your possession become standard.
One system I saw reminds me of this problem. It was a touch screen that displayed a keypad. The screen was at a terminal of sorts, and there was a box drawn around the area in front on the ground in red tape. By company rules only one person was allowed in the box at a time, so if you needed to approach the door in a group, you were required to take turns and queue up in a line outside the box.
The screen was a fresnel lens type cover, so you had to be standing at the correct orientation to the screen to read it. People behind you any distance, or off to the side even a little, could not see the screen at all. The screen presented a numeric keypad and you had to key in your passcode.
The trick here is, the keypad was not a standard 0-9 3x3 grid. The numbers were in a 3x3 grid, but were in random places each time you used it. So anyone watching your hands to see what you pressed wasn't getting anything useful besides the length of the passcode. (which was fixed at 10 characters) There was a setting to shuffle the keys on each keypress but that was found to get on people's nerves, so you could presumably figure out if a person had a pair of letters in the code that were the same but that's not too big of a deal.
Only thing is a screen scraper combined with a keylogger (to log mouse clicks) would still own all of this.
I work for the Department of Redundancy Department.