What we -should- do is focus on things that we can actually benefit from. Instead of mass-murder, why not fix the internet by fixing javascript (ie. dis, fucking, allow, whitelist basis only), fixing flash (bye), fixing CSS (stop reading my history and stop scanning my ports!) and fixing HTML so we don't need to rely on stupid things (flash, silverlight, the thing Google made) to make browsing an enjoyable experience.
I can deliver you a browser that is virtually unexploitable. Firefox running with NoScript,
You are well informed and protected, but even plain CSS is an attack vector. Yes, to be safe, you need to disable CSS http://search.slashdot.org/comments.pl?sid=1537058&cid=31023480 [slashdot.org]. Also, extensions like LocalRodeo, SafeHistory and SafeCache might be worthy add-ons to your arsenal. Although some of those extensions might be deprecated/unusable in the latest version of Firefox/Iceweasel (even with Nightly Tester Tools).
So - I'm sitting here, reading about this newest manifestation of exploitable exploits, and wondering: "how does all this affect Debian?"
Then you offer up some solutions that would actually start to FIX THE PROBLEMS.
No script - check.
Adblock plus - check.
Turn off Flash - check.
Ditch silverlight/moonlight - check.
Disable Java - check.
What's left? Oh yeah - don't click on obvious bogus links, and don't agree to download a virus scanner. Like, I really need on on Debian.
What does that leave? Hmmmm. A damn good firewall - check. Firestarter may not be the best, but it hasnt' failed me yet!
Has anyone mentioned in this thread yet, that security is not a product - instead it is an ongoing process? I guess I just did.
Houston, all systems are go. May we have clearance for lift off?
I have a better solution, turn off your wifi or unplug that Cat 5 cable. You see, if you kill off all ads you have no way for anyone to make money and guess what there will be no internet because someone has to pay for it. So please do that. I call that leeching.
You might call it marching to the beat of a different drum, rather than leeching.
Have you not been paying attention? Those advertisements are a vector with which to bypass security measures. Pay for the internet? DUHHH - my DSL is paid for. $79/month. What exactly am I helping anyone to pay for, if I permit advertisers to pwn my machines?
Maybe you're suggesting that I've done something immoral every time in my life that I've NOT WATCHED a commercial on television? Hmmm. There should be a law, huh? G
Well if net neutrality doesn't get passed, that is our future. I know the RIAA would love to waterboard some people. And since when did advertisers not pwn machines? Cough google cough
cough microsoft cough.
Or did you mean someone Proctor and gamble?
Gosh that takes me back... or is it forward? That's the trouble with
time travel, you never can tell."
-- Doctor Who, "Androids of Tara"
Should Be Shot (Score:3, Insightful)
Malware and Virus authors should be lined up against a wall and shot. They are cancers and need to be irradiated.
Re: (Score:2)
I mean eradicated...although irradiated would probably work well too.
Re: (Score:3, Insightful)
What we -should- do is focus on things that we can actually benefit from. Instead of mass-murder, why not fix the internet by fixing javascript (ie. dis, fucking, allow, whitelist basis only), fixing flash (bye), fixing CSS (stop reading my history and stop scanning my ports!) and fixing HTML so we don't need to rely on stupid things (flash, silverlight, the thing Google made) to make browsing an enjoyable experience.
I can deliver you a browser that is virtually unexploitable. Firefox running with NoScript,
Re:Should Be Shot (Score:2)
So - I'm sitting here, reading about this newest manifestation of exploitable exploits, and wondering: "how does all this affect Debian?"
Then you offer up some solutions that would actually start to FIX THE PROBLEMS.
No script - check.
Adblock plus - check.
Turn off Flash - check.
Ditch silverlight/moonlight - check.
Disable Java - check.
What's left? Oh yeah - don't click on obvious bogus links, and don't agree to download a virus scanner. Like, I really need on on Debian.
What does that leave? Hmmmm. A damn good firewall - check. Firestarter may not be the best, but it hasnt' failed me yet!
Has anyone mentioned in this thread yet, that security is not a product - instead it is an ongoing process? I guess I just did.
Houston, all systems are go. May we have clearance for lift off?
Re: (Score:1)
You are well informed and protected, but even plain CSS is an attack vector. Yes, to be safe, you need to disable CSS http://search.slashdot.org/comments.pl?sid=1537058&cid=31023480 [slashdot.org]. Also, extensions like LocalRodeo, SafeHistory and SafeCache might be worthy add-ons to your arsenal. Although some of those extensions might be deprecated/unusable in the latest version of Firefox/Iceweasel (even with Nightly Tester Tools).
Re: (Score:1)
So - I'm sitting here, reading about this newest manifestation of exploitable exploits, and wondering: "how does all this affect Debian?"
Then you offer up some solutions that would actually start to FIX THE PROBLEMS.
No script - check.
Adblock plus - check.
Turn off Flash - check.
Ditch silverlight/moonlight - check.
Disable Java - check.
What's left? Oh yeah - don't click on obvious bogus links, and don't agree to download a virus scanner. Like, I really need on on Debian.
What does that leave? Hmmmm. A damn good firewall - check. Firestarter may not be the best, but it hasnt' failed me yet!
Has anyone mentioned in this thread yet, that security is not a product - instead it is an ongoing process? I guess I just did.
Houston, all systems are go. May we have clearance for lift off?
I have a better solution, turn off your wifi or unplug that Cat 5 cable. You see, if you kill off all ads you have no way for anyone to make money and guess what there will be no internet because someone has to pay for it. So please do that. I call that leeching.
Re: (Score:2)
You might call it marching to the beat of a different drum, rather than leeching.
Have you not been paying attention? Those advertisements are a vector with which to bypass security measures. Pay for the internet? DUHHH - my DSL is paid for. $79/month. What exactly am I helping anyone to pay for, if I permit advertisers to pwn my machines?
Maybe you're suggesting that I've done something immoral every time in my life that I've NOT WATCHED a commercial on television? Hmmm. There should be a law, huh? G
Re: (Score:1)