Funkcionalnosć toś togo sedła se pśez wótwardowańske źěła wobgranicujo, kótarež maju wašo dožywjenje pólěpšyś. Jolic nastawk waš problem njerozwězujo a cośo pšašanje stajiś, wobrośćo se na našo zgromoźeństwo pomocy, kótarež na to caka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomagaś.

Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

Browsers should SLOW DOWN their release cycle and release Secure debugged software

  • 1 wótegrono
  • 0 ma toś ten problem
  • Slědne wótegrono wót Victor

more options

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

Wšykne wótegrona (1)

more options

There are only 3 things that interact with the network on my Fedora system: chronyd (clock sync), system-resolvd (DNS) and the Browser. I have disabled chronyd; my system is new and clock battery is good. And I have an infallible security detector: my USB Ethernet adapter with traffic indicator. If I see a prolonged stream of traffic of a minute or two, when I have not clicked on a link, a page, or load a web site, then it could mean only 2 things: that the dns resolver is being hacked or it is the browser. DNS resolver is reputed to be pretty hard to hack. And browsers has security fixes with EVERY version. What would you guess is the culprit attack vector?

I use firejail with the x11 setting enabled. So there is a buffer against key-loggers and screen grabbers. And the x11 buffer is virtual, starts up like new on every restart of the browser. So I should be reasonably safe (I guess). But that does not excuse any vulnerabilities in the browser.

I cannot prove the attack with a PoC, I am not a white hat vulnerability researcher, just an ordinary admin. But I do hold a Security+ cert. Granted the attack may involve other pieces. But the browser is the most likely entry point. And that should not happen. Somebody should hold the browser vendor accountable. There is no un-hackable software, true, but they have to prove their due diligence has been done, and post code audit results with every release.

Wužytny?

Stajśo pšašanje

Musyśo se pla swójogo konta pśizjawiś, aby na pśinoski wótegronił. Pšosym stajśo pšašanje, jolic hyšći njamaśo wužywaŕske konto.