[clug] Dangerous Dave's talk

[David M]

On 01/03/15 18:01, Owen Cook wrote:
> Thanks for the talk. One point I picked up on was 'do your banking etc 
> through a VM"
>
> To date I have done my banking etc through a different user with 
> minimum access. I use Firefox and check cookies.
>
> So lets try a VM, in this case SUSE-13.2. I start up Firefox, go to my 
> bank, and check the cookies.
>
> The bank cookies are there, but so are those from Google and another 
> from server.lon.liveperson.com. I delete those cookies, Google's 
> reappears in a second or so, and the live person one comes back 
> intermittently. There is also one there from doubleclick as well. None 
> of these are in the non VM system.
>
> So I have a mystery. why would Firefox in a SUSE-13.2 VM fetch more 
> cookies than the Firefox as another user in Ubuntu.
>
> Any suggestions welcome

You are starting to tackle the very problem of secure browsing and 
transacting - you need to understand how things are working, and have 
confidence they stay that way.

As far as your trackers, install the FFX plugin 'HttpFox'. When 
installed, start it with 'View -> HttpFox', and click the 'Start' button.

This will show the in/out packets, and possibly the cause of your 
cookies. Cookies are set in a RESPONSE header from the remote server - 
find out who is asking for them. Unfortunately, in my version of HttpFox 
(the latest), the response headers are not being displayed, but may work 
for you.

You should then review the active browser EXTENSIONS, and iterate by 
turning them all off, until the cookies are no longer set.

If that doesn't help, you need to address Mozilla-Spying issues. For 
example, the so-called 'Safe-Browsing' is run by Google, and is 
difficult to disable, but I dont think it runs on standard cookies. 
(read the Mozilla manual - if u disabled it via the preferences, it 
continues to talk to Google, but is silent from your perspective). You 
cannot disable this via preferences, but can get to it via registry 
hacks - google for the settings - look at the mozilla-zine results)


Starting A Secure Browser Session
--------------------------------------
At the least, you need to use a new firefox profile, with everything 
turned off and disabled. If you use a dedicated VM, this may not be 
needed, as long as not used for any other purpose.

Explore: sh>  firefox --help

Then start with: sh> firefox -ProfileManager, and create for yourself a 
new profile. You will prob need to re-install any required browser 
EXTENSIONS (as distinct from PLUGINS)

As a matter of routine, DISABLE ALL the browser plugins, such as flash, 
etc - set to 'Never Activate' - and only ever set to 'Ask to Activate' 
when u get blocked by Flash issues.

You should also review and REMOVE all EXTENSIONS unless absolutely 
required for your secure sessions.

You should ONLY use this profile for BANKING (or secure stuff) and 
nothing else - no standard browsing. You can run more than one profile 
at a time, with a bit of cmd-line option hacking. By default, FFX wants 
to run one profile for all current windows - you have to persuade it 
otherwise if u want to share sessions concurrently.

To be safest, NO concurrent browsing (in the same VM). Better still, use 
that VM for secure browsing only, and never use for standard browsing.

Remember, try and understand what is passing up and down the wire, and 
control it.

This is just the basics - we may talk more about browser security at 
another time - may make a good CLUG talk

DD

-------------------
Copied to list - original was reply to sender (my mistake)