- This topic has 11 replies, 5 voices, and was last updated Nov 7-11:34 pm by Anonymous.
-
Posts
-
olsztyn
Aside of creating my own user and password (in place of demo), which I did on AntiX Live, what would be additional security recommendations to maximize security?
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parameters
anticapitalista
1. use the encrypted usb option
2. don’t use the net LOL!Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
Anonymous
The sysv-rc-conf command shows service deamons and status whether each is configured to autostart. More secure (hardened) to disable autostarting of services you personally will never use or will seldom use. Fewer autostarted services also means less memory overhead. Specifically to ssh, I read this forum article https://www.antixforum.com/forums/topic/steps-toward-improving-ssh-security-on-your-system/
There’s a preinstalled networking firewall program GuFW, and the “firejail” program can sandbox isolate programs to prevent their connecting to network via through http requests.
Beyond these, common sense, don’t paste “commands, found on the net and copied from web browser” into the terminal, don’t curl sudo install, and don’t leave system running and unlocked if other people are around and you need to step away from the puter. They might not intend any harm, just want to prank you, but prankster might wind up messing something up or accidentally deleting something.
Thank you!
On #1 (as I am not able to fully comply with #2…): Does such encryption capability exist also for Frugal installs?Although such install might originate from encrypted USB, I think it gets decrypted during install and does not get again encrypted on Frugal…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersGotta say, over here ice-ssb-site-specific-browser I think you are walking into a bear trap.
Surfing without the benefit of addressbar and+or SSL icon, that leaves you “blind”. Any time you fill in a form, login, type a password, you cannot be certain you’re STILL viewing a page from the correct site. Worse, if following results of search engine page, you can’t see the site you landed on, which might be a spoof lookalike site intended to trick visitors into logging in (typing the user+pw login for the site the chump THINKS he’s at).the following might, or might not, be enough to restore the addressbar in SSB windows
sudo nano /usr/bin/ice-firefox
remove this line
os.system(‘echo “#nav-bar { visibility: hidden !important; max-height: 0 !important; margin-bottom: -20px !im…
or add a start of line # to outcomment ignore the line, like so
#os.system(‘echo “#nav-bar { visibility: hidden !important; max-height: 0 !important; margin-bottom: -20px !im…
caprea
763b…thanks for information to this.
Gotta say, over here ice-ssb-site-specific-browser I think you are walking into a bear trap.
Surfing without the benefit of addressbar and+or SSL icon, that leaves you “blind”.Excellent point. Thanks.
So SSB code does does not restrict the SSB window to one (original) domain?Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parametersthe following might, or might not, be enough to restore the addressbar in SSB windows
I will check again when I get back home from work but my vague recollection is that with my SSB created via ‘shortcut’ function on Chrome the address/domain is showing in top window bar, along with SSL certificate owner. My recollection may not be correct though. If this is indeed the case this would not be any different than address showing in address bar, I think as the ‘shortcut’ I believe takes it from the address bar…Please correct me if I am wrong on this.
Having said that I am not sure how ICE-SSB code does this but looking briefly at SSB site on Peppermint it seems to show the title of the page, not sure if would show SSL certificate owner information. I will do more testing in the evening…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersSurfing without the benefit of addressbar and+or SSL icon, that leaves you “blind”
Excellent point though I did not realize it was not taken care of in SSB…
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersGotta say, over here ice-ssb-site-specific-browser I think you are walking into a bear trap.
Surfing without the benefit of addressbar and+or SSL icon, that leaves you “blind”.OK. I did some rudimentary testing that confirms your point and uncovers such potential security weakness you pointed out in ICE-SSB implementation. At least the way I see it.
I did a simple testing on both ICE-SSB and on Chrome-SSB using a few sites but the best showcase here would be Bank of America page, where you see login. This is SSL secured page.
Interestingly:
– SSL nor SSL certificate owner is showing on neither ICE-SSB and Chrome-SSB top. This is something I can accept as definition includes https. What follows I think is interesting though…
– I followed the link to MerrillEdge lower on the right, which is a different domain, to see if moving to a different domain will pop anything in SSB windows…
– In Chrome-SSB window proper address bar popped up with MerrillEdge address, ssl secured and to the left the ssl certificate owner of Bank of America was displayed.
– On ICE-SSB however nothing like that happened. Just title of page as MerrillEdge in top window bar. Neither address bar nor ssl certificate was displayed.This confirms your point as perceived security weakness in ICE-SSB implementation. Interestingly however Chrome-SSB did not exhibit this problem…
Just a note: Testing with ICE-SSB was using Peppermint 9 as I did not have the time to figure how to install Ice on AntiX using MX repositories. However since this is the way it behaves on latest Peppermint I would expect MX would not change this…
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersI am posting a followup reply here: https://www.antixforum.com/forums/topic/installing-ice-ssb-site-specific-browser-subsystem/
- You must be logged in to reply to this topic.
