[Brmlab] most secure web browser for a laptop/desktop computer

sachy at lainspira.net sachy at lainspira.net
Fri Mar 14 10:19:09 CET 2014


Hi,
you can actually run the browser in virtual machine. No need for complicated
setup, liveCD should be fine. If you would like to configure it deeply, 
install the virtual system and make a clear ready-to-use snapshot.

The network communication can be even obfuscated by proxies/TOR as needed 
without any knowledge/influence of the hosting system.

sachy



---------- Původní zpráva ----------
Od: timothyhobbs at seznam.cz
Komu: Brmlab: Hackerspace Prague (main discussion) <brmlab at brmlab.cz>
Datum: 14. 3. 2014 9:44:03
Předmět: Re: [Brmlab] most secure web browser for a laptop/desktop computer

"
Hey!

<snark>

Tell me more about your usecase.  One can get pretty far, by installing 
chromium on the raspberri pi, setting the "read only" physical switch on 
your SD card to true, connecting to the PI via VNC, and rebooting the pi on 
every page refresh.  If you want to do "tabbed browsing" you can have a 
stack of 5 or six Pi's on your desk, with one Pi per tab.  How secure do you
need?

</snark>

Joking aside,  chromium has a security model of putting each tab in it's own
user namespace.  This should be pretty secure, though privilege escalation 
attacks on Linux are far from unheard of.  Firefox, on the other hand, has 
many more security options in terms of "limiting attack surfaces".  On 
firefox you can "lock the browser down" by dissabling scripts, images, 
multimedia, ect.

<snark>
Other good browsers, for the extremely paranoid, are the text based ones.  
This comes from the ease with which one can do a practical version of my 
previous Raspberi pi stacking joke, throw links or elinks(both browsers of 
Czech heritage) into a VM running something light like busybox, and ssh in 
to browse the web.  Make sure your VMs are stateless(the same as having that
physical read only switch turned on on the raspberry pi) and that you 
restart them every couple of minutes while web browsing.  These text based 
browsers have an advantage, for us brmlab members.  If you choose to use, 
say elinks, then you can personally go and beat the shit out of pasky if you
find a security flaw in it.  This should motivate him to ensure high coding 
standards, and not to waste time doing useless biolab research and other 
time-wasters like sleeping.

While we're dealing with security, we have yet to discuss such security 
methods as proxies and tor.  Of course you don't want an attacker to gain 
access to your system.  One of the greatest threats is physical access.  If 
the police come to your house, break down your door, and steal your laptop 
they may be able to access your bank account information.  To limit these 
risks, of course encrypted memory, and writing nothing to disk can help.  I 
like to make it an integral part of my houses alarm system, that if the door
is opened unexpectedly, my computer restarts, thus ensuring all my data
(which is held in an encrypted ram disk, is safely lost).  However, there is
still risk.  So in order to escape that risk, we use TOR and other services.
  My recommendation is to not use TOR directly but through several layers of
proxy.

</snark>

Timothy

---------- Původní zpráva ----------
Od: Mario Lombardo <mario at alienscience.com>
Komu: Brmlab: Hackerspace Prague (main discussion) <brmlab at brmlab.cz>
Datum: 14. 3. 2014 0:14:30
Předmět: [Brmlab] most secure web browser for a laptop/desktop computer

"Hi everybody. 
I don't want to start a holy war, but what do you consider the most secure 
web browser for a laptop/desktop OS? Academic replies are also welcome.
zatím
/mario

_______________________________________________
Brmlab mailing list
Brmlab at brmlab.cz
http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab"
_______________________________________________
Brmlab mailing list
Brmlab at brmlab.cz
http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://brmlab.cz/pipermail/brmlab/attachments/20140314/7bd752ee/attachment-0001.html>


More information about the Brmlab mailing list