Този сайт ще има ограничена функционалност, докато се извършва тече неговата поддръжка. Ако дадена статия не може реши проблема ви и искате да зададете въпрос, нашата общност е готова да ви помогне на @firefox в Twitter и /r/firefox в Reddit.

Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

Browsers should SLOW DOWN their release cycle and release Secure debugged software

  • 1 отговор
  • 0 имат този проблем
  • Последен отговор от Victor

more options

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

Всички отговори (1)

more options

There are only 3 things that interact with the network on my Fedora system: chronyd (clock sync), system-resolvd (DNS) and the Browser. I have disabled chronyd; my system is new and clock battery is good. And I have an infallible security detector: my USB Ethernet adapter with traffic indicator. If I see a prolonged stream of traffic of a minute or two, when I have not clicked on a link, a page, or load a web site, then it could mean only 2 things: that the dns resolver is being hacked or it is the browser. DNS resolver is reputed to be pretty hard to hack. And browsers has security fixes with EVERY version. What would you guess is the culprit attack vector?

I use firejail with the x11 setting enabled. So there is a buffer against key-loggers and screen grabbers. And the x11 buffer is virtual, starts up like new on every restart of the browser. So I should be reasonably safe (I guess). But that does not excuse any vulnerabilities in the browser.

I cannot prove the attack with a PoC, I am not a white hat vulnerability researcher, just an ordinary admin. But I do hold a Security+ cert. Granted the attack may involve other pieces. But the browser is the most likely entry point. And that should not happen. Somebody should hold the browser vendor accountable. There is no un-hackable software, true, but they have to prove their due diligence has been done, and post code audit results with every release.

Полезно?

Задаване на въпрос

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.