Mozilla saving some site details?

I also use a user agent spoofer as my core third choice of extension. If a web site can deem your OS and browser versions a simple reference might reveal potential exploits. Throw a selective exploit at the wrong OS and/or browser and more than likely it will fail.

That's what I always figure, too.

I have 2 browsers I use regularly. One where I don't spoof my user agent for coming here and that other place where it shows what OS you're using and another where I spoof a Mac or Windows for general browsing. I do have a switcher on both.
 
Actually an esteemed member here was recommending USB ethernet devices to avoid MAC fingerprinting.
I thought to myself WOW, I thought I was paranoid. Does he replace them on a schedule?

Just never thought of avoiding the motherboard Ethernet for MAC security implications.
It's one of those conveniences I live with I guess. Life is a tradeoff.
 
Boy, things are really looking up for me. :)

An endorsement by the Honorable drhowarddrfine and at the apex of achieving aspirations of accreditation as the daemon I've always appropriately warranted. O:‑)
 
I may use www/lynx exclusively before it's over, or decide to forgo internet altogether.
When my ISP upgraded I had a netgear router left over, so I set up an old Celeron tower PC box connected directly to the ISP's hub/router (192.168.1.x network), and the netgear off another of the main router's LAN ports (connected to the netgear's WAN port) - off which all other PCs/kit connect (10.0.0.x network i.e. netgear LAN ports). That Celeron has OBSD installed, so by default has an httpd and X ...etc. and adding netsurf to that means I can ssh from my desktop system (in the 'secure' area behind the netgear router) to that Celeron's netsurf
Code:
ssh -X -C user@192.168.1.9 netsurf-gtk
X forwarding is set in the /etc/ssh/sshd_config of the Celeron box, and the main ISP's router/hub is set to prohibit ssh (so can't be accessed externally), but forwarded in the netgear router (so I can ssh between the local LAN segments).

I did try firefox at one time, but that was slow to render, dillo and/or netsurf are much more usable. I also have the ISP router setup to forward https, so that box can be used as a web server.

Conceptually I could have no internet/browser programs on my main (10.0.0.x network) desktop and just use that Celeron PC based browser, perhaps even where the celeron was a DVD read only device as well, but I haven't gone to such extremes.

My plan is to use a smaller scale device at some point i.e. swap out the Celeron for perhaps a Pi or similar device. If that installation is light/small enough I could even set it up to be rebuilt daily (back to 'factory fresh') - such that it wouldn't really matter what might occur (hacked).

There are still risks, for instance the ssh connection security and all traffic flowing from the second to first/main router, but that's no different to any normal traffic flowing over the internet. Also the main router's admin could be compromised if the Celeron was hacked, but I have that router set to be relatively secure as to how the admin might be accessed.

sshfs is a nice addition to that setup, as I can create a local (10.0.0.x PC) mountpoint (/mnt/celeron) and sshfs mount the Celeron box, so accessing files on that box is as easy as any other local folder (I use rox-filer as my preferred file manager).
Code:
sshfs root@192.168.1.9:/ /mnt/celeron
Must admit however that I also think that 'the internet' is becoming too overloaded with different technologies/risks. Usenet/news/mail groups text only type alternatives may very well have a rival ... and leave http type protocols for the likes of handheld/smartphones.
 
Reverse ssh is also nice. My 192.168.x.x box for instance can't see my 10.0.x.x box and whilst ssh isn't forwarded so can't be accessed externally, I can ssh from 10.0.x.x to the 192.168.x.x

Which means I can set the 10.0.x.x to reverse ssh into the 192.168.x.x, such as ssh -R 19999:localhost:22 192.168.x.x ... and then ssh through that tunnel back from the 192.168.x.x box i.e. ssh -p 19999 user@localhost

and/or copy files using scp once that reverse ssh tunnel has been set up (first command above) i.e.

scp -P 19999 user@localhost:/home/user/somefile.txt /tmp/somefile.txt ... to copy from the 10.0.x.x box to the 192.168.x.x box ... or
scp -P 19999 /tmp/somefile.txt user@localhost:/home/user/somefile.txt to copy a file the other way around.

If the 192.168.x.x were hacked then it needs to know the port, userid and password. Conceptually the 192.168.x.x box could be set up to hide PIDs (not sure of the BSD syntax for that though, as I've only ever done that under Linux using the unshare command).

If the 192.168.x.x PC is sacrificial, perhaps a liveCD type boot with no HDD or other rw storage, then that could be rebooted regularly back to pristine again whilst being used for general browsing. And where the 10.0.x.x box is for file storage/access on an on-demand (scp) type basis. Could even be headless providing the initial ssh tunnel setup were set to autostart on reboots. Having a local 'cloud' type secure file storage is potentially better than sending/storing files in the cloud (over the external net).
 
Reverse ssh is also nice.

I have a very simple Ethernet network, no wi-fi, consisting of the cable modem my ISP provided going to my Netgear router, which has 4 Ethernet ports. I have a nice Netgear managed switch I can use with it to get 7 machines online at once, but that is pushing it for the space available. I disable SSH, and IPv6, during the build since I have no need for remote access in addition to a number of other services in rc.conf:

Code:
sshd_enable="NO"
cupsd_enable="NO"
winbindd_enable="NO"
samba_enable="NO"
telnet_enable="NO"
webcamd_enable="NO"
lpd_enable="NO"
rlogin_enable="NO"
nfs_server_enable="NO"
nfs_client_enable="NO"
portmap_enable="NO"
inetd_enable="NO"

I also run sockstat -l4 and netstat -an to see what ports are open and deal with them in /etc/pf.conf.
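
As an added example (not from either poster), the shell functions below sort `sockstat -l4` output, as used in the post above, into loopback-only and network-reachable listeners; run on the 192.168.x.x box, the same check shows whether the `ssh -R 19999:localhost:22` listener from the earlier reverse-ssh post is bound to loopback only. The sample output, the function names and the suggested `block` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `sockstat -l4` text on stdin and prints one line per
# listener: "SCOPE PROTO PORT COMMAND". SCOPE is LOCAL for 127.x addresses,
# EXPOSED for the wildcard (*) or any other address.
classify_listeners() {
    awk '
        NR == 1 && $1 == "USER" { next }   # header row
        NF < 6 { next }                    # blank or truncated row
        {
            n = split($6, parts, ":")      # IPv4 only: address:port
            port = parts[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            scope = (addr ~ /^127\./) ? "LOCAL" : "EXPOSED"
            print scope, $5, port, $2
        }'
}

# Only the listeners other hosts can reach, as "proto/port command".
exposed_only() {
    classify_listeners | awk '$1 == "EXPOSED" { print $2 "/" $3, $4 }'
}

# Candidate pf.conf lines for review, one per exposed listener. Delete the
# lines for services that are meant to be reachable before using any of them.
pf_block_rules() {
    classify_listeners | awk '$1 == "EXPOSED" {
        sub(/[46]+$/, "", $2)              # tcp4 -> tcp, udp4 -> udp
        printf "block in quick inet proto %s from any to any port %s  # %s\n", $2, $3, $4
    }'
}

# Constructed sample, not captured from a real host.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       731   4  tcp4   *:22                  *:*
user     sshd       1402  9  tcp4   127.0.0.1:19999       *:*
root     sendmail   800   3  tcp4   127.0.0.1:25          *:*
ntpd     ntpd       650   21 udp4   *:123                 *:*
root     httpd      912   5  tcp4   192.168.1.9:443       *:*
EOF
}

sample_sockstat | exposed_only
```

On a live host the input would be `sockstat -l4 | exposed_only`; a reverse tunnel that shows up as EXPOSED instead of LOCAL is reachable from the rest of that LAN segment.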
 
I disable SSH, and IPv6, during the build since I have no need for remote access in addition to a number of other services
Enabling ssh internally, but blocking it at the router so no external ssh access is reasonable and useful IMO, at least when all users on that LAN are trustworthy (family).
 