'Extreme Security' Web Browsing 267
Sarah S writes "The application security researcher Jeremiah Grossman described to CSO magazine how he takes extreme measures to stay safe online. The simplest tip he uses: two separate browsers: 'One, which he calls the 'promiscuous' browser, is the one he uses for ordinary browsing. A second browser is used only for security-critical tasks such as online banking. When Grossman wants to do online banking, he closes his promiscuous browser, opens the more prudish one, and does only what he has to do before closing it and going back to his insecure browser.'"
Not sure how "secure" this scheme is... (Score:5, Insightful)
Re:Not sure how "secure" this scheme is... (Score:5, Insightful)
Re:Not sure how "secure" this scheme is... (Score:5, Insightful)
Re:Not sure how "secure" this scheme is... (Score:3, Interesting)
Re:Not sure how "secure" this scheme is... (Score:2, Interesting)
Re:Not sure how "secure" this scheme is... (Score:5, Insightful)
Unfortunately, there are also key loggers that will do screen captures as well. If the attackers find they are unable to capture your password after you type "www.mybank.com", they can activate the screen capture capability the next time you visit that site. Sure, it takes more storage, and longer to transmit to the attacker, but if you haven't discovered you have a key logger, you won't notice the image files.
Once your system has been compromised, you can't assume anything. That's why Knoppix, or any other LiveCD, is a good idea when you want the added security. Since the media is fixed, even if you get compromised, it goes away when you reboot. However, if you are using a LiveCD, don't leave your machine running for days on end, or you could get compromised. Boot up, do what you have to do, and shut down. Sure, that's a bit paranoid, but it isn't paranoia if someone is actually out to get you.
Re:Not sure how "secure" this scheme is... (Score:3, Interesting)
Re:Not sure how "secure" this scheme is... (Score:3, Informative)
Re:Not sure how "secure" this scheme is... (Score:4, Interesting)
The screen was a fresnel lens type cover, so you had to be standing at the correct orientation to the screen to read it. People behind you any distance, or off to the side even a little, could not see the screen at all. The screen presented a numeric keypad and you had to key in your passcode.
The trick here is, the keypad was not a standard 0-9 3x3 grid. The numbers were in a 3x3 grid, but were in random places each time you used it. So anyone watching your hands to see what you pressed wasn't getting anything useful besides the length of the passcode. (which was fixed at 10 characters) There was a setting to shuffle the keys on each keypress but that was found to get on people's nerves, so you could presumably figure out if a person had a pair of letters in the code that were the same but that's not too big of a deal.
Only thing is a screen scraper combined with a keylogger (to log mouse clicks) would still own all of this.
Re:Not sure how "secure" this scheme is... (Score:2, Insightful)
On that note though, I do not write my passwords on my monitor, I have them in a small notebook in the drawer! I would rather use completely different passwords for each site and write them down than use the same few passwords across all sites that I need a password for.
Re:Not sure how "secure" this scheme is... (Score:5, Interesting)
And what, exactly, is wrong with this? Bruce Schneier [schneier.com] offers the following wisdom [nytimes.com]:
I write my passwords down. There's this rampant myth that you shouldn't write your passwords down. My advice is exactly the opposite. We already know how to secure small bits of paper. Write your passwords down on a small bit of paper, and put it with all of your other valuable small bits of paper: in your wallet.
Re:Not sure how "secure" this scheme is... (Score:2)
My phone (not in the US, so this is probably not useful for you guys, rumor is you are a few years behind) has a nifty little feature called code memo, it stores passwords in a scrambled format, but on a device that I'm guaranteed to bring with me most of the time.
(Oh and I keep a backup on paper in a safe place in case the phone should decide to go into paperweight mode)
Re:Not sure how "secure" this scheme is... (Score:5, Funny)
Re:Not sure how "secure" this scheme is... (Score:3, Informative)
Re:Not sure how "secure" this scheme is... (Score:3, Funny)
That's amazing. I've got the same combination on my luggage!
*grin*
Re:Not sure how "secure" this scheme is... (Score:2)
Re:Not sure how "secure" this scheme is... (Score:2, Insightful)
Re:Not sure how "secure" this scheme is... (Score:3, Informative)
Unless the second browser is on a knoppix cd...
Re:Not sure how "secure" this scheme is... (Score:5, Funny)
Re:Not sure how "secure" this scheme is... (Score:5, Interesting)
Unless somebody really wants your data [thinkgeek.com]
Re:Not sure how "secure" this scheme is... (Score:2)
Re:Not sure how "secure" this scheme is... (Score:2)
Do you root behind your computer under your desk every time you use it? I know I don't.
Re:Not sure how "secure" this scheme is... (Score:2)
Re:Not sure how "secure" this scheme is... (Score:2)
How the hell can you trust your workplace keyboard after seeing a report like this?
Re:Not sure how "secure" this scheme is... (Score:2)
Re:Not sure how "secure" this scheme is... (Score:5, Insightful)
It's in no way presented as a solution to all security on the internet, but a way of addressing one specific class of problems in a simple manner with a minimum of effort. Unfortunately there's plenty of sufficiently smug people on /. who will continue to repeat this idea in this discussion without even glancing at the article.
Re:Not sure how "secure" this scheme is... (Score:5, Informative)
What you can do instead of using multiple browsers, is use separate Firefox profiles using MOZ_NO_REMOTE=1. I explain this technique in a blog entry, Using multiple Firefox profiles simultaneously to guard against CSRF attacks [tssci-security.com]
This technique would almost be equivalent to using multiple browsers, and I don't know why Jeremiah hasn't caught onto it. I and several others have been proposing others do the same for a while now. You can further enhance the security by running different Firefox profiles under different users. I included links to what others like Joanna Rutkowska do on Vista with IE7, Firefox, and Thunderbird.
Re:Not sure how "secure" this scheme is... (Score:2)
He is quite clearly talking in the context of XSS and CSRF attacks. His so-called strategy is a reasonable precaution to take in this instance.
Security is not a go/no-go.
Re:Not sure how "secure" this scheme is... (Score:2)
How is someone going to get a keylogger on my FreeBSD box?
Cheers
Re:Not sure how "secure" this scheme is... (Score:2)
Re:Not sure how "secure" this scheme is... (Score:3)
Well, if someone actually gains physical access to my machine without me knowing about it, manages to get past the root password, and install that piece of evil software
On the presumption that there isn't some highly organized, well financed team of people with a strong desire to compromise my system from within my house, I don't guard against such things. A scenario like that falls into a completely different realm, and something I don't consider likely to be an issue.
Most of my international espionage activities are done in my sleep, so I don't have fears of INTERPOL or a crack team based in Langley coming for me.
Cheers
it's not (Score:2)
I have a credit card with a limit of $300 I make online purchases with and small change/restaurant purchases. That doesn't protect me from someone who gets my driver's license number and my SSN and opens a new card in my name. But it still is a simple easy form of limited protection, just like this guy using 2 browsers.
Re:Not sure how "secure" this scheme is... (Score:3, Insightful)
It protects against CSRF attacks (at least when done properly), which appears to be the only thing the author cares about. It seems to me that it's just some security outlet trying to gain publicity by referring to a vulnerability that has been documented for over a decade (see RFC 2109, section 4.3.5).
Re:Not sure how "secure" this scheme is... (Score:3, Funny)
More importantly (Score:3, Insightful)
Re:Not sure how "secure" this scheme is... (Score:2)
This is not insightful. It shows the PP didn't bother to spend 5 minutes to read the article or the fricking summary.
But to answer your question, ensure that you surf the web in such a way that you don't install a key logger!
I have been on the Internet for years, as I am sure most ppl on
I explained to my wife these same rules and she has never caught a piece of malware.
I don't know how using a special p browser would help fend off XSS attacks and would like to know more, but given Grossman's creds, he may be onto something.
Re:Not sure how "secure" this scheme is... (Score:2)
Use a mouse!!
Re:Not sure how "secure" this scheme is... (Score:3, Interesting)
I had an incident a few years back where one of the end users I support got infected with an IE specific keylogger trojan. It quickly became apparent because the machine was using a restricted IP address which requires proxy access with a login to reach sites outside the LAN. IE started asking for a login to the proxy server even when the user was only browsing internal sites. It took some investigation to figure out what had happened but we discovered the trojan and how its activity sending keylogger data to an outside site was what was triggering the unexpected proxy login requests.
Re:Not sure how "secure" this scheme is... (Score:5, Funny)
thats annoying... (Score:4, Interesting)
Re:thats annoying... (Score:2)
One browser and I don't take any special actions before using internet banking.
I'm fairly confident that nothing will get my details and even if they do, the bank will handle it and I won't be out of pocket.
Plus I'm using Linux so fat chance a keylogger will get on my system.
Re:thats annoying... (Score:2)
Re:thats annoying... (Score:5, Insightful)
If anything, I'd do it the other way around. Promiscuous browsing on IE will certainly get you infected (ever open a pron site with IE? I haven't in years, and I don't plan to start now- even if those exploits have been fixed). I explorer is the only browser I can remember that would just let a virus download and install itself while you battled 80 popups. I understand Iexplorer7 is slightly better, but come on- that's what people are targeting, new exploits will come up.
I do things exactly opposite. I use opera for all my browsing, and nothing gets through. Then I load up internet explorer for my online banking. (my bank requires IE). I see no danger in that, because internet explorer is clean when I do it, thanks to the fact I never use it (and I clean my system regularly) with hijack this and pv and what not.
Re:thats annoying... (Score:2)
I have several levels of this.
My FreeBSD box is my primary surfing box, and it's set to be fairly closed, but open enough for most things. A second X-windows session has my completely locked down user and browser which won't accept cookies or non-originating images or any form of script is for the shadier parts of the internet -- or I can run the same browser in a separate profile which is a little more permissive.
A KVM switch away is my XP box, which is fairly restrictive and requires prompting for cookies and runs no-script, but also has flash installed which can be enabled on-demand. For government web sites, or the odd merchant site that I trust that still needs IE, I have IE installed -- but it only gets loaded for a site which I really need, actually trust, and which didn't quite work in Mozilla.
So, at any given time, I might have four different browsers to be used for entirely different things. I'm probably an odd example, I just happen to have the boxes available to run that way.
I don't think the idea of a 'secure' and a 'promiscuous' browser is that uncommon -- and, Mozilla allows more run-time control over what you permit and what you don't.
Cheers
Re:thats annoying... (Score:3, Informative)
Mozilla. It's probably an older version by now, but the Mozilla browser used to (possibly still does) have a setting which you could specify that only images from the original page would be loaded -- cuts out quite a few ads.
Given Firefox's pedigree, I'd be willing to bet that about:config has some setting which allows this, but I can't say what it might be. Mayhaps some helpful soul will respond and say what the setting would be.
Cheers
Re:thats annoying... (Score:2)
Re:thats annoying... (Score:2, Informative)
You wouldn't need to use two different browsers, I believe, just two different 'users' on firefox, with two different firefox profiles. It's easy to set up new profiles using firefox's profile manager (under Windows: firefox.exe --profilemanager). This brings along a whole different set of cookies for the different user. (Being logged on to a site as one user would not carry over simultaneously to the other user.)
Just double-click the desktop icon for the 'secure' user before doing online banking, etc., then close that user's firefox session when done.
Of course, this is just aimed at CSRF attacks (discussed by TFA), and doesn't address any of the concerns about keyloggers, etc. expressed in the posts above....
That's not extreme. (Score:2)
Re:That's not extreme. (Score:2, Insightful)
Better secure browsing (Score:4, Interesting)
This is silly! (Score:4, Insightful)
The only way to be safe is to use an up-to-date browser (and let's say anything not-IE). And if you have Firefox, look into AdblockPlus and NoScript. If you don't want cookies to bother you, set them to this-session-only. And lastly, Firefox has a lovely "Clear private data when closing Firefox" option if you want it.
Re:This is silly! (Score:2)
Re:This is silly! (Score:2)
No, it doesn't protect against keyloggers, phishing, or anything else that is a "real" security threat, but my time cleaning out malware/trojans and other junk has gone drastically down. The fact that browsing/search history doesn't survive the session is an added bonus for them. (Though I didn't know about the auto clear in firefox, is that a new feature?)
It is useful. (Score:2)
This article was pretty vague, but the idea does have merit depending on how you interpret it. You definitely shouldn't advocate using an insecure browser for normal day-to-day use. But I'll give the security researcher the benefit of the doubt and assume he was advocating using a normal secure browser (like firefox) for normal use, and then having a second browser configured with all the extra security features that no one will tolerate for day-to-day use when doing more dangerous or more private things.
For example, when browsing porn sites or warez sites (I only do the former), which are known to have more malware than your average website, using a more secure browser is a good thing - and having no record of this visit stored (i.e. cookie or URL history) is also a good thing, especially for the latter. Furthermore, when using tor (for all the reasons people use it) it is a good idea to use a browser with all tracking turned off, for obvious reasons. Again, these are settings that I refuse to have enabled on my normal browser.
That said, I don't normally bother with using my locked down browser for my bank. If their site has cross-site scripting vulnerabilities, then I think I need to find another bank that values security over Web 2.0 fads.
Key logger (Score:2)
Of course, there are ways to protect your machine from such things, like one of those anti-virus / internet security suites... but then using such a thing would also get rid of that requirement of having to use two separate browsers. And we certainly don't want our friends to think we're uncool by only using one browser!
"Promiscuous" Browser (Score:2, Funny)
Hell, mine's a slut.
But then, so am I.
Mis-understanding.... (Score:2)
Because most of the web doesn't work otherwise (Score:2)
That's nothing (Score:5, Funny)
That's right. I snail mail the institutions for the answers I seek and they write me back after looking it up on the web.
Even this post was done via correspondence. I mailed this letter to CmdrTaco a couple of days back and let him know to post my thoughts on the matter when the article hit the front page.
Re:That's nothing (Score:5, Funny)
The only way to do your banking safe (Score:4, Funny)
But I might be paranoid.
I already do something like this (Score:2)
I've got two profiles for Firefox: one for everyday stuff, and one for banking. Originally I'd done this because the banks all seemed to require Javascript, and I simply don't leave that on (I hate dancing baloney on websites, and a lot of the time it's just used to serve ads anyhow). Nowadays I use NoScript [noscript.net] to turn on JavaScript when I want to, but I still do all the banking stuff in a separate profile.
I did read an interview with a security researcher recently (sorry, can't dig up the link) who said that he used a separate browser in a separate VM for his banking. I suppose you could be even more safe by using a Knoppix CD and avoiding your usual OS altogether.
ArticleSummary.Equals(TFA) = True (Score:2, Insightful)
Am I living under a rock because I have never heard of Cross Site Request Forgery?
Is it known by a different name?
Re:ArticleSummary.Equals(TFA) = True (Score:2)
I've seen it referred to as XSS [wikipedia.org] for "Cross Site Scripting".
It's a well known class of attack where one web site makes script calls to another site and can expose some vulnerabilities.
If you do anything web-ish and need to be concerned with security, it's a real issue and fairly well known. The wiki link I provide has some good info.
Cheers
Re:ArticleSummary.Equals(TFA) = True (Score:2)
Oh, thanks for the correction.
I had assumed they were the same thing as I'd not heard the specific term before. My bad. =)
Cheers
built into IE since v4 (Score:3, Informative)
IE security goes up to five .. :) (Score:2)
Why don't you just make four more secure and make four be the top number and make that a little more secure
Quote
Nigel:
Marty: Ahh...oh, I see....
Marty: Why don't you just make ten louder and make ten be the top... number... and make that a little louder?
Nigel: These go to eleven [csoonline.com].
Re:IE security goes up to five .. :) (Score:2)
"Internet" "Local Intranet" "Trusted Sites" "Restricted Sites " "My Computer" (the hidden one)
each one can be customised security wise to taste, it's just a matter of setting it up (if plugging a leaking dam with fingers is any good)
but if this person is a "security researcher" then he should really be surfing/investigating potentially bad sites through a VM in something other than IE (unless he is looking to get exploited on purpose), I mean really, is installing Firefox, NoScript, UserAgent Changer, and Adblock+ for an "expert" that hard?
even setting up a VM is only a 10 minute thing on Windows (and they are all free), 1 infection and he can revert to a snapshot and sniff/capture _all_ the activity the malware does with ease.
Of course if he was that bothered about his security/banking he would boot off a Live CD to rule out any kernel level winsock sniffers on his desktop (let's hope his router isn't compromised egh), but meh.
Re:built into IE since v4 (Score:3, Insightful)
Turning off scripting doesn't guard against CSRF either BTW. I wish people would read the bloody article (and understand it!).
--
Simon
Secure browsing for the paranoid: (Score:2)
Just hope that no one injected a keylogger onto the live CD and remembered to change the MD5 sum as well...
This news is incomplete (Score:3, Insightful)
For sure, in this context, the tip is quite effective.
Only as strong as the weakest link (Score:4, Insightful)
That's not all that secure (Score:4, Interesting)
Or, as others have suggested, a dedicated virtual machine which can revert its state at shutdown, so you know there won't be any nasties lurking even in the sandbox.
Re:That's not all that secure (Score:2)
It lets you run your windows programs in a sandbox.
I saw a link to it in some previous
With a few tweaks to let you easily save files to your favorite places, it's completely transparent.
I plan on installing it for my other family members. They don't exactly browse malicious sites or open up every crap e-mail link, but they still pick up the occasional piece of malware.
Why? (Score:2)
- Does using multiple browsers as described actually do anything for security?
- Why?
- Is it supposed to be that way?
- Shouldn't we be secure using just one browser?
Re:Why? (Score:2)
I wonder how long it will be until, when you create a user account, a second one (or two or three) is automatically created, and potentially vulnerable apps (browser, mail, etc) configured to run as separate users.
Does he wash his hands in between? (Score:2)
Just in case?
"Better safe than sorry," — murmured the abbess rolling a condom over a candle.
Trying to Think This Through... (Score:3, Insightful)
Given the above and operating conditions being equal (with use of solid anti-virus and firewall measures), it seems to me that if a well-designed browser was used in the first place, then there would not be a need for a "promiscuous" browser. In fact, wouldn't the use of a "promiscuous" browser increase a user's risk when conducting, uh, questionable activities? End result (cue alarming music here): the box gets compromised, and it doesn't matter if a safe browser was used for banking, etc., something nasty now lives in the box.
Continuing the FF vs IE model, if FF was designated for promiscuous activity, then the user is arguably better protected. So that leaves us with IE as the "safe" browser? The mind reels.
I know there are alternatives (Opera, Konq, etc.), but presumably Mr. Grossman is addressing mostly Windows users.
Extremed INsecurty web browsing (Score:2, Funny)
The fool is using the same computer to go to both important and random web sites! And he's probably using Windows, too!
If you care at all about security, you create a separate virtual machine for every web site you visit, and you only go to your banking site with an up-to-the-second-patched copy of lynx running on an obscure OS and platform, like OpenVMS running on DEC Alpha hardware, for example.
If you *really* care about security, you use telnet on an OS you wrote yourself. And you carefully scrutinize every line of the telnet code and TCP stack for security flaws.
'Extreme Safety' driving (Score:5, Funny)
Re:'Extreme Safety' driving (Score:2)
This plan isn't that crazy (Score:2)
It isn't absolute security - but it is a hell of a lot more than most of my colleagues use.
Dumbest Thing I Have Ever Heard (Score:2, Insightful)
The story is specifically about CSRF... (Score:2)
If a banking site does not use some kind of nonce in each request (or check referrers, or request confirmation, otherwise attempt to prevent this class of attack), then someone could stick <img src="http//bankingsite.example.com/account_management?req=transfer_funds&amt=5.00&target=badguy"> in a web page (say, as the avatar image for some throwaway account on some naive web forum) and bob's your uncle... a salami attack. I'm sure you can think of other possibilities.
[url deliberately broken to keep
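The nonce and referrer checks the post above mentions, as an added example that is not part of the original post or any bank's code. The function names, the `csrf_token` field, the session ids and the forum URL are assumptions constructed for the demo; the host name and request parameters are the ones from the post.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)      # assumption: per-process secret for the demo
TRUSTED_HOST = "bankingsite.example.com"  # host name from the post's example
_used_nonces = set()                      # nonces already spent (single use)


def _mac(session_id: str, nonce: str) -> bytes:
    """HMAC binding a nonce to one session, so tokens cannot be moved between users."""
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_token(session_id: str) -> str:
    """Token the site embeds as a hidden field in each form it serves."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce).decode()}"


def check_request(method, session_id, params, referer=None):
    """Return (allowed, reason) for a state-changing request."""
    # 1. State changes never ride on GET, which is what an <img src=...> issues.
    if method.upper() != "POST":
        return False, "state change requested over " + method.upper()
    # 2. Referrer check: a Referer naming another host is rejected.
    #    An absent Referer is left to the nonce check below.
    if referer is not None and urlsplit(referer).hostname != TRUSTED_HOST:
        return False, "cross-site referer"
    # 3. Nonce check: the token must be present, bound to this session, unused.
    nonce, sep, mac = params.get("csrf_token", "").partition(".")
    if not sep:
        return False, "missing token"
    if not hmac.compare_digest(mac.encode(), _mac(session_id, nonce)):
        return False, "token not valid for this session"
    if nonce in _used_nonces:
        return False, "token already used"
    _used_nonces.add(nonce)
    return True, "ok"


def demo():
    """Run constructed requests through the checks and return each verdict."""
    victim = "session-victim"                       # constructed session id
    forum = "http://forum.example.net/thread/1"     # constructed third-party page
    forged = {"req": "transfer_funds", "amt": "5.00", "target": "badguy"}
    out = {}
    # The request from the post: the browser fetches the image URL with a GET.
    out["img_get"] = check_request("GET", victim, forged, forum)
    # Same request sent as a cross-site form POST.
    out["cross_post"] = check_request("POST", victim, forged, forum)
    # Referer stripped: the missing nonce still stops it.
    out["no_token"] = check_request("POST", victim, forged)
    # A token issued to a different session does not verify for the victim.
    other = dict(forged, csrf_token=issue_token("session-attacker"))
    out["other_session"] = check_request("POST", victim, other)
    # A form served by the site itself carries a fresh token and passes once.
    legit = {"req": "transfer_funds", "amt": "5.00", "target": "savings",
             "csrf_token": issue_token(victim)}
    page = "https://bankingsite.example.com/account_management"
    out["legit"] = check_request("POST", victim, legit, page)
    out["replay"] = check_request("POST", victim, legit, page)
    return out


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:14} allowed={allowed!s:5} {reason}")
```
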
Promiscuous and Prudish? (Score:2)
Better idea would be... (Score:2)
confusing web security with girl-friend security (Score:5, Insightful)
It's also a good idea to have "honeypot porn" which is basically a few very innocuous sites that you visit in IE that you intentionally want her to find - because once she starts looking, she's going to keep looking until she finds something. Best to give her something to find. Let her think you go to maxim.com or something.
Re:confusing web security with girl-friend securit (Score:4, Interesting)
Re:confusing web security with girl-friend securit (Score:2, Insightful)
Re:confusing web security with girl-friend securit (Score:4, Insightful)
Lynx (Score:2)
Why do online banking? (Score:2, Interesting)
Why do online banking?
My bank had a poster in the lobby stating that they used "state of the art" security measures to protect their online banking customers. I reflected on the state of the art and wondered why anyone would trust their money with online banking. For me the risk / convenience just doesn't work out. My electronic banking is limited to checking balances and cleared checks by phone. I know my account number and password are transmitted in cleartext (clearbeeps), but access to the phone network is reasonably limited and the phone access system doesn't allow transfers to anywhere but my other accounts. I'm curious what benefit other people feel they get from online banking.
I'm a little troubled by the security researcher's online banking ritual. It's not that it doesn't make sense technically and help protect against a class of attacks. It just feels wrong. It feels like he is performing a ritual to reassure himself before doing his online banking, which he clearly has reservations about. He does not discuss any other measures he takes to secure his system.
Those who talk about booting off a live CD such as Knoppix sound a little more sensible to me, as the integrity of the system is pretty well ensured. This isn't an approach that scales well to the general public, though, for reasons of convenience and knowledge. It involves education about the risks, downloading and burning an ISO and sometimes fiddling with BIOS settings - not something that the bank is likely to ask users to do. A bootable read-only flash drive might simplify things, though. Maybe a security minded bank would distribute bootable read-only flash drives with built-in password-generating fob. Plug in, boot, see browser window already pointing to your bank's site with secure connection. Type in account number from a card, password from memory and number from fob. Now I want to know how you would break this system. Let the replies begin...
-Jon
Secure Password Manager (Score:2, Insightful)
Let us understand the flaws of this guy's "grand" idea:
1 - There is no such thing as an absolutely secure browser, there is no stealth mode, and even if you are on it, how are you going to log into an account? (Every one has holes too ;)
2 - Browse without an "Anonymous" proxy and your IP is advertised, i.e. your system is out in the open. (Like someone mentioned - keyloggers, trojans... many many others can evade)
3 - There is always SBS (Some Bloody Software) trying to open ports for pirates.
4 - In an era of high bandwidth internet, where is the wait to guess what's wrong with a computer? (scan it all)
Now..
Think, why do you have brains?
Can it keep secrets?
Can you trust it?
1- Remember and type all your passwords & user IDs - it's tough if you are used to someone else remembering the password for you, it's proven good for your brain.
2- Accept cookies from sites you trust ( avoid inter-site tracking cookies )
3- Keep no cache memory
4- Use ssl login whenever possible. (https://mail.google.com/mail/)
5- Use a browser without susceptible addons
6- Hide your WAN IP. ( google "anonymous browsing" )
7- Try to even remember your account numbers ( After a while it dissolves )
Give it a thought.
why wouldn't just logging out work? (Score:2)
Virtual machine (Score:3, Informative)
http://www.vmware.com/products/player/ [vmware.com]
It also has a secure browsing "virtual appliance," or virtual machine with software pre-installed:
http://www.vmware.com/appliances/directory/browserapp.html [vmware.com]
The software is open-source.
Ridiculous (Score:2)
A better solution without buying more hardware is use a Linux or FreeBSD live CD for the "secure" browsing.
A compromise without physically rebooting would be to do your "insecure" browsing under virtualization.
A further step down is to do your "secure" browsing under virtualization with encrypted volume.
Any one of the above is a lot more secure than TFA.
Re:I surf in a virtual PC (Score:2)
Re:i do something similar (Score:2)
i use Firefox with NoScript for general purpose browsing
That's what I'm doing. Firefox with NoScript on Linux. I never access secure systems from a Windows box.
It may be a false sense of security but so are anti-virus programs [heise-security.co.uk]. Every Windows machine I've ever cleaned had some type of anti-virus program running, many with up to date signatures.
Signed code is no solution. There is no code here. (Score:2)
In addition, the attack this is attempting to deflect does not require local execution privileges. It doesn't even require sandboxed Javascript. There's no executable code involved at all.
Re:Virtual machine (Score:2)
- when you sleep with somebody you don't trust, you wear a condom
- when you sleep with someone you trust, you don't need a protection
'Trust' and 'Security' don't mix, because there's always that one little hole.