[comp.os.linux.security] Re: Firefox security question



On Thu, 09 Feb 2006 05:40:52 +0000, Crashdamage wrote:

On Wed, 08 Feb 2006 22:37:46 -0500, General Schvantzkoph
<schvantzkoph@xxxxxxxxx> wrote:

What I'm concerned about is if there is another way that a website can
pull sensitive information off of your system via the browser.

Not really, other than your general location via IP address. Of course
a check with BrowserHawk http://www.cyscape.com/showbrow.aspx?bhcp=1
will give a lot of info about your computer, but that's not a problem.

Firefox remembers all sorts of things like phone numbers and addresses
and automatically fills in forms. While this is very convenient it feels
awfully dangerous, you certainly wouldn't want a random website to be able
to grab a credit card number or your social security number without your
having to explicitly submit the form. What's Firefox's mechanism for
protecting information like this?

It IS dangerous to allow auto-fill-in of forms. Turn it off! I don't
want Firefox to remember any of that stuff.

To do it, type 'about:config' in the Firefox address box. Scroll down
to this line and double-click it so it resets like this:

browser.formfill.enable user set boolean false

Also a good idea to not allow websites to track what other sites you've
been to. To do that, scroll on down to these 2 lines and double-click
them so they are reset like this:

network.http.sendRefererHeader user set integer 0
network.http.sendSecureXSiteReferrer user set boolean false

Thanks, I've turned these off.

To keep anyone from grabbing bank account, credit card or Social
Security numbers, or passwords for stuff like online banking etc. it's
best to just not have them anywhere on your HD. That way, even if
someone hacks directly in by guessing a password or whatever, that kind
of information is simply not there for the taking.

Of course it helps to do more system security measures such as an
occasional rootkit check, installing Bastille and Portsentry, etc.


I'm not worried about someone breaking into my systems, the only open port
is ssh and I don't allow password authentication, only RSA. It's the
browser that seems to be the weak point on a Linux system because it can
run JAVA and because it has access to all sorts of sensitive info.
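
The three about:config changes listed in the post above can also be checked from outside the browser. The following is an added example, not part of the original thread: it parses the user_pref(...) lines of a profile's prefs.js and reports which of the three settings differ from the values given above. The preference names are taken from the post as written in 2006, and the sample file content is constructed.

```python
import re

# Values exactly as given in the post above (names as written in 2006).
WANTED = {
    "browser.formfill.enable": False,
    "network.http.sendRefererHeader": 0,
    "network.http.sendSecureXSiteReferrer": False,
}

# prefs.js / user.js hold one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_value(raw):
    """Convert a prefs.js literal to bool, int or str."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def parse_prefs(text):
    """Return {name: value}; comments and malformed lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text):
    """List (name, problem) for each setting that differs from WANTED."""
    prefs, findings = parse_prefs(text), []
    for name, wanted in WANTED.items():
        if name not in prefs:
            findings.append((name, "not set, browser default applies"))
        # bool and int are compared by type too, since False == 0 in Python
        elif type(prefs[name]) is not type(wanted) or prefs[name] != wanted:
            findings.append((name, f"is {prefs[name]!r}, wanted {wanted!r}"))
    return findings

# Constructed sample profile content, not taken from a real system.
SAMPLE = """\
// Mozilla User Preferences
user_pref("browser.formfill.enable", false);
user_pref("network.http.sendRefererHeader", 2);
user_pref("browser.startup.homepage", "about:blank");
"""

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```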

