[clug] Dangerous Dave's talk
spareparts at internode.on.net
Mon Mar 2 01:24:13 MST 2015
On 01/03/15 18:01, Owen Cook wrote:
> Thanks for the talk. One point I picked up on was 'do your banking etc
> through a VM'
> To date I have done my banking etc through a different user with
> minimum access. I use Firefox and check cookies.
> So let's try a VM, in this case SUSE-13.2. I start up Firefox, go to my
> bank, and check the cookies.
> The bank cookies are there, but so are those from Google and another
> from server.lon.liveperson.com. I delete those cookies, Google's
> reappears in a second or so, and the live person one comes back
> intermittently. There is also one there from doubleclick as well. None
> of these are in the non VM system.
> So I have a mystery. Why would Firefox in a SUSE-13.2 VM fetch more
> cookies than the Firefox as another user in Ubuntu?
> Any suggestions welcome
You are starting to tackle the very problem of secure browsing and
transacting - you need to understand how things are working, and have
confidence they stay that way.
As far as your trackers, install the FFX plugin 'HttpFox'. When
installed, start it with 'View -> HttpFox', and click the 'Start' button.
This will show the in/out packets, and possibly the cause of your
cookies. Cookies are set in a RESPONSE header from the remote server -
find out who is asking for them. Unfortunately, in my version of HttpFox
(the latest), the response headers are not being displayed, but may work

You should then review the active browser EXTENSIONS, and iterate by
turning them all off, until the cookies are no longer set.
If that doesn't help, you need to address Mozilla-Spying issues. For
example, the so-called 'Safe-Browsing' is run by Google, and is
difficult to disable, but I don't think it runs on standard cookies.
(read the Mozilla manual - if u disabled it via the preferences, it
continues to talk to Google, but is silent from your perspective. You
cannot disable this via preferences, but can get to it via registry
hacks - google for the settings - look at the mozilla-zine results)
Starting A Secure Browser Session
At the least, you need to use a new firefox profile, with everything
turned off and disabled. If you use a dedicated VM, this may not be
needed, as long as not used for any other purpose.
Explore: sh> firefox --help
Then start with: sh> firefox -ProfileManager, and create for yourself a
new profile. You will prob need to re-install any required browser
EXTENSIONS (as distinct from PLUGINS)
As a matter of routine, DISABLE ALL the browser plugins, such as flash,
etc - set to 'Never Activate' - and only ever set to 'Ask to Activate'
when u get blocked by Flash issues.
You should also review and REMOVE all EXTENSIONS unless absolutely
required for your secure sessions.
You should ONLY use this profile for BANKING (or secure stuff) and
nothing else - no standard browsing. You can run more than one profile
at a time, with a bit of cmd-line option hacking. By default, FFX wants
to run one profile for all current windows - you have to persuade it
otherwise if u want to share sessions concurrently.
To be safest, NO concurrent browsing (in the same VM). Better still, use
that VM for secure browsing only, and never use for standard browsing.
Remember, try and understand what is passing up and down the wire, and

This is just the basics - we may talk more about browser security at
another time - may make a good CLUG talk
Copied to list - original was reply to sender (my mistake)
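
Added example, not part of the original message: a small Python script that applies the point above about cookies arriving in response headers, grouping captured Set-Cookie headers by the site that sent them and marking each as first- or third-party relative to the bank. The host bank.example, the cookie names and values, and the two-label "site" rule are assumptions made for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample: (host that answered, raw Set-Cookie header value).
# bank.example is a placeholder; cookie names and values are made up.
CAPTURED = [
    ("www.bank.example", "SESSION=abc123; Path=/; Secure; HttpOnly"),
    ("www.google.com", "NID=xyz; Domain=.google.com; Path=/; Max-Age=15811200"),
    ("server.lon.liveperson.com", "LPVID=v1; Domain=.liveperson.com; Path=/"),
    ("ad.doubleclick.net", "IDE=q9; Domain=.doubleclick.net; Path=/; Max-Age=63072000"),
    ("static.bank.example", "lang=en; Path=/"),
]


def site_of(host):
    """Naive registrable domain: last two labels (assumption; real tools
    use the Public Suffix List, which this sketch does not)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def cookie_setters(first_party_host, captured):
    """Group cookies by the site that set them, split into first/third party."""
    home = site_of(first_party_host)
    report = {"first": defaultdict(list), "third": defaultdict(list)}
    for host, header in captured:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Scope is the Domain attribute if present, else the answering host.
            scope = morsel["domain"] or host
            party = "first" if site_of(scope) == home else "third"
            # A cookie with Max-Age or Expires survives closing the browser.
            persistent = bool(morsel["max-age"] or morsel["expires"])
            report[party][site_of(host)].append((name, persistent))
    return report


if __name__ == "__main__":
    result = cookie_setters("www.bank.example", CAPTURED)
    for party in ("first", "third"):
        for site, cookies in sorted(result[party].items()):
            for name, persistent in cookies:
                kind = "persistent" if persistent else "session"
                print(f"{party}-party  {site:20} {name:8} {kind}")
```
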