| View previous topic :: View next topic |
| Author |
Message |
eschwartz
Developer
Joined: 29 Oct 2023
Posts: 235
|
 Posted: Tue Nov 26, 2024 7:08 pm Post subject: |
 |
|
| pingtoo wrote: | | pietinger wrote: | | Do you use a Linux kernel and a web browser on your system? |
Yes I do 
And mine currently use are very out of date. It was last updated sometime in 2021-2022. Google mail always tell me my browser are out of support.
[...]
From security thread point of view I don't feel it is much less security than the day I flash my kernel/rootfs to SD. I think it is just not secure then as now. So my prevention is not about secure the browser or kernel. It is about prevent unwanted or unnecessary network traffic. And ensure no one have access my nodes with me knowing. And do all online banking in private way and record everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble on that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
|
| Back to top |
|
 |
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1285
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 7:14 pm Post subject: |
|
|
| pietinger wrote: | | asturm wrote: | | [...] It ultimately runs counter to security, [...] |
|
But that is one of my point about frequent update does not necessary mean you are better secured. Because you don't really review what that update do from security point of view.
It seems to me that few of you think I suggest never update until next 10 years(figurative speaking). And I like to make it clear that is not my post about. I am saying no need to frequent update just because there are new. you should do update because you know what that update will bring for you. |
|
| Back to top |
|
|
asturm
Developer
Joined: 05 Apr 2007
Posts: 9303
|
| Posted: Tue Nov 26, 2024 7:20 pm Post subject: |
|
|
| How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1285
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 7:23 pm Post subject: |
|
|
| eschwartz wrote: | | pingtoo wrote: | | pietinger wrote: | | Do you use a Linux kernel and a web browser on your system? |
Yes I do
And mine currently use are very out of date. It was last updated sometime in 2021-2022. Google mail always tell me my browser are out of support.
[...]
From security thread point of view I don't feel it is much less security than the day I flash my kernel/rootfs to SD. I think it is just not secure then as now. So my prevention is not about secure the browser or kernel. It is about prevent unwanted or unnecessary network traffic. And ensure no one have access my nodes with me knowing. And do all online banking in private way and record everything.
|
If you do not update your web browser for 3 or 4 years, doing online banking "in private way" is not an effective defense against a malicious attacker cracking your connection to your bank, then pretending to be you and withdrawing all money from your account.
Recording everything isn't much help if your money is already gone. Although you can take a gamble on that the odds are against you, specifically, being targeted, which may work out but also may fail at any time and without any advance warning. |
It is a little bit hard for me to explain that "private way" but essentially I don't use my daily browser for my online transaction.
I wish I am a big fish that I will be selected as target  (because that mean I am well off, and it become a sweet problem) but in fact I am not even close to put on radar.
There is nothing you can do from security point of view if you are targeted. my recording is just a way to prove I done my due diligent. my mind can be rest at peace. And hopefully it can be a learning experience. (which I don't want
edit for correctness.
Last edited by pingtoo on Tue Nov 26, 2024 7:28 pm; edited 1 time in total |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1285
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 7:27 pm Post subject: |
|
|
| asturm wrote: | | How do you know your car drives safely after you brought it to the mechanic for the annual inspection? |
You got it. I actually don't know. Because I a idiot at car mechanic.
So I drove less. Use public transit whenever I can.
I buy insurance, I keep records with dealership (where I do my car maintenance) and I insist everything in writing. |
|
| Back to top |
|
|
CaptainBlood
Advocate
Joined: 24 Jan 2010
Posts: 3909
|
| Posted: Tue Nov 26, 2024 7:38 pm Post subject: Re: What is the update frequency with Gentoo? |
|
|
| eschwartz wrote: | Gentoo's official policy is that it should always be possible to upgrade systems that are only a single year out of date. Therefore if that fails, it's surely a bug. Whether people regularly test this, is another question entirely.  |
Interesting & fairly balanced.
The second sentence could justify switching system fs to btrfs or alike if snapshots allow going back and forth.
Such a system would allow easy checking,
Unsure how beneficial that would be to the current portage tree...
Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. " |
|
| Back to top |
|
|
pietinger
Moderator
Joined: 17 Oct 2006
Posts: 5156
Location: Bavaria
|
| Posted: Tue Nov 26, 2024 10:02 pm Post subject: |
|
|
| pingtoo wrote: | | pietinger wrote: | | Do you use a Linux kernel and a web browser on your system? |
Yes I do
[...]
So my prevention is not about secure the browser or kernel. It is about prevent unwanted or unnecessary network traffic. [...] |
Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers.  One of the first things to do is to switch off javascript in your browser.
| pingtoo wrote: | | [...] And ensure no one have access my nodes with me knowing. [...] |
This is about physical security (offline tampering) ... I'm also less worried about this. 
| pingtoo wrote: | | [...] And do all online banking in private way and record everything. |
Me too - although I think I have a “reasonably” secure pc.
| pingtoo wrote: | | (sorry I don't know how to express this in right English way) |
I understood everything ... please don't worry.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
|
| Back to top |
|
|
pingtoo
Veteran
Joined: 10 Sep 2021
Posts: 1285
Location: Richmond Hill, Canada
|
| Posted: Tue Nov 26, 2024 10:21 pm Post subject: |
|
|
| pietinger wrote: | | Here lies the problem. Even if you are browsing a very reputable website, e.g. a website of a reputable computer manufacturer, it may itself have been hacked and is distributing malicious calls to your browser ... the manufacturer does not even know that their web server is doing bad things to customers. |
But the malicious intent usually have two type, plant something bad on to your computer or redirect so they can act like man in between.
This is where the "private way" happen, I am not worry in something malicious got downloaded. the browser environment is sandboxed so every start is fresh (think docker image/container). I don't worry redirect that is what firewall output filter is for.
I worry that the bank (or whoever I do transaction with) tell me the browser version is not supported. (I don't fool around the agent string, because there could be legal implication that I rather not get involve when something gone wrong) |
|
| Back to top |
|
|
|
Other Things Gentoo
