| 1 |
On 170107-23:27+0100, Floyd Anderson wrote: |
| 2 |
> On Sat, 07 Jan 16:51:41 +0100 |
| 3 |
> Meino.Cramer@×××.de wrote: |
| 4 |
> >Hi, |
| 5 |
> > |
| 6 |
> >what Firefox-Version/what browser is the most secure one for Online-Banking? |
| 7 |
> |
| 8 |
> Who is able to tell about that? I think nobody which has evaluated this |
| 9 |
> for every version (if some really has) is reading this list. |
| 10 |
> |
| 11 |
> I would recommended at least a separate well configured browser profile |
| 12 |
> for the banking purpose and to strip off all unnecessary connections. |
| 13 |
> |
| 14 |
> The latter can be achieved by using a Proxy Auto Config (PAC) file [1]. |
| 15 |
> Have a look at [2] for more background information on this — even when |
| 16 |
> it’s quite old. |
| 17 |
> |
| 18 |
> For Mozilla Firefox create a file (e.g. “proxy.pac”) with following |
| 19 |
> content for example (don’t copy ’n paste, the spaces aren’t such): |
| 20 |
> |
| 21 |
> function FindProxyForURL(url, host) { |
| 22 |
> // Proxy bypass logic |
| 23 |
> if ( |
| 24 |
> dnsDomainIs(host, '.your-bank.com') |
| 25 |
> // || dnsDomainIs(host, 'addons.cdn.mozilla.net') |
| 26 |
> // || dnsDomainIs(host, 'addons.mozilla.org') |
| 27 |
> ) { return 'DIRECT'; } |
| 28 |
> |
| 29 |
> // Redirect all other requests through localhost which should always |
| 30 |
> // fail due no listen server. |
| 31 |
> return 'PROXY 127.0.0.1:65535'; |
| 32 |
> } |
| 33 |
> |
| 34 |
> and place it in the root of your browser profile, apply it due property |
| 35 |
> “network.proxy.autoconfig_url” or via GUI by using the “file:” protocol |
| 36 |
> in about:preferences#advanced > Network > Connection Settings. |
| 37 |
> |
| 38 |
> Before you ask, I’ve never tried to use a relative path definition which |
| 39 |
> may be important on an USB device nor can say if it’ll also work. |
| 40 |
> |
| 41 |
> Notice the comment lines for the mozilla domains. Comment those out if |
| 42 |
> you really need to use add-ons in a banking profile and want to have a |
| 43 |
> more comfortable way to update them. But you know, comfort/add-ons and |
| 44 |
> security is often like fire and water nowadays. |
| 45 |
> |
| 46 |
> To test that only your banking connection is possible invoke: |
| 47 |
> |
| 48 |
> /usr/bin/firefox --private-window "https://www.example.com/" --no-remote -P banking.profile |
| 49 |
> |
| 50 |
> |
| 51 |
> [1] <https://calomel.org/proxy_auto_config.html> |
| 52 |
> [2] <https://web.archive.org/web/20040821144727/http://developer.netscape.com/docs/manuals/proxy/adminux/> |
| 53 |
|
| 54 |
The above method certainly looks appealing to me and calomel.org is |
| 55 |
designed great. But that would take me time to understand. |
| 56 |
|
| 57 |
Can I ask you, and other readers, a question which is only partly |
| 58 |
related to the above. |
| 59 |
|
| 60 |
Related insomuch as Tor is about proxying as well. |
| 61 |
|
| 62 |
I'm looking at: https://wiki.gentoo.org/wiki/Tor |
| 63 |
|
| 64 |
It appears to me that, with a grsecurity-hardened kernel-base Gentoo |
| 65 |
machine, using TBB is next to impossible (tried it, doesn't work the |
| 66 |
simple user way _at all_). Neither did I have much luck with Whonix, since |
| 67 |
porting Whonix to Gentoo appears dead, to say just so much about my |
| 68 |
tries. Also the Tails page... Aaahhh, I have to find it, to make at |
| 69 |
least that info complete... |
| 70 |
|
| 71 |
https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html |
| 72 |
|
| 73 |
[Also that Tails page] requires translation for a non-dbus system |
| 74 |
like mine (no dbus in your system, no GUI virt-manager you get), the |
| 75 |
translation (not languagewise but methodwise) of that GUI virt-manager |
| 76 |
tutorial into virsh command line tutorial, which hasn't been done yet. |
| 77 |
|
| 78 |
I close to entirely abandoned Firefox because Mozilla promissed with |
| 79 |
solemn repeated oaths, that they will impose Pulseaudio on all Linuces, |
| 80 |
else no audio in Firefox (a long --heavily diverted-- thread about that |
| 81 |
at end-of-2016 in this ML), and I am using Palemoon, pretty happily so |
| 82 |
far, for all any any browsing. |
| 83 |
|
| 84 |
Has anybody got Palemoon to work as Tor browser like Firefox is set to |
| 85 |
work in the abovementioned https://wiki.gentoo.org/wiki/Tor page? |
| 86 |
|
| 87 |
That I believe would be great, because I'm banking on Palemoon to grow, |
| 88 |
and it appears to me they might be good on privacy, much better that |
| 89 |
Mozilla (well I'm only betting on them, I'm not an expert to be able to |
| 90 |
really tell...)! |
| 91 |
|
| 92 |
-- |
| 93 |
Miroslav Rovis |
| 94 |
Zagreb, Croatia |
| 95 |
http://www.CroatiaFidelis.hr |
Archives