posted by cmn32480 on Wednesday August 10 2016, @09:03AM   Printer-friendly
from the interesting-reads dept.

Desktop / Laptop privacy & security of web browsers on Linux part 1: concepts and theory

Web browsers today are everywhere, and they are a huge pile of shit code, full of shiny things that sometimes hide bad surprises, but, despite this fact, you want to use them daily because too many things today depend on you visiting a web site, often requiring you[r] latest web technologies.

Even if many vendor[s] today take browser security seriously, the fast evolution of web standards makes [it] very hard to care about that on such big projects, and almost every day a new method appears in the wild to fuck poor users using the web as a vector of evil code, using either browser vulnerability or user stupidity innocence.

There is no 100% security; if anyone tell[s] you he has the panacea of all evil things and can show you how to be 100% protected online, he's a liar, no exception. Despite that, something can be done to be at least a little bit more secure and block the most common attack vectors, with a cost in terms of usability that is really cheap.

[Continues...]

Desktop / Laptop privacy & security of web browsers on Linux part 2: firejail based sandboxes

There are many tools in the wild to build the sandboxes using the features explained, some more user friendly, others more complex, some more complete, others more specific to one or a few features.

After some tests and with the help of many friends from the Veteran Unix Admins group on facebook, the primary tool I've chosen to use is firejail.

Firejail is a great utility aiming to build sandboxes and it matches our needs almost perfectly. With just a little bit of shell scripting, a little patch I have sent to firejail and a couple of other tools supported by firejail itself, we have all that is needed for our architecture.


  • (Score: 3, Informative) by rob_on_earth on Wednesday August 10 2016, @10:58AM

    by rob_on_earth (5485) on Wednesday August 10 2016, @10:58AM (#386213) Homepage

    For the last couple of weeks I have been doing all my web browsing in a VM that at the end of the session I just close and restore to previous snapshot.

    Although there is VM escape code, keeping the VirtualBox up to date seems to be a more secure method than trying to patch browsers, plugins, blacklists etc.

    Most reports indicate that malware that detects VM environments will actively shut down to avoid detection.

  • (Score: 2) by bzipitidoo on Wednesday August 10 2016, @01:50PM

    by bzipitidoo (4388) on Wednesday August 10 2016, @01:50PM (#386253) Journal

    I sometimes su to a user account I created expressly for browsing dubious websites. Maybe not as secure, but a lot lighter than running a VM.

    • (Score: 1) by driven on Thursday August 11 2016, @05:10PM

      by driven (6295) on Thursday August 11 2016, @05:10PM (#386656)

      Have a look at Running GUI apps with Docker [fabiorehm.com] to run Firefox or whatever browser inside a Docker container. Destroy the container when your browser session is done. Should be able to run as many containers as you want, too.

  • (Score: 0) by Anonymous Coward on Wednesday August 10 2016, @04:27PM

    by Anonymous Coward on Wednesday August 10 2016, @04:27PM (#386309)

    Can you run virtualbox rootless?
    By that I mean have the application's windows appear like native apps in the x server rather than run in a pseudo-desktop window?

    • (Score: 2) by butthurt on Thursday August 11 2016, @01:13AM

      by butthurt (6141) on Thursday August 11 2016, @01:13AM (#386468) Journal

      If you can get these possibly outdated instructions for running virtualbox in windowless/headless mode to work:

      http://www.thatsgeeky.com/2012/03/windowless-virtualbox-vms-windows-host/ [thatsgeeky.com]

      then set up a host-only network interface on your VM, have sshd listen on that interface, and connect to that with ssh -X from your host, it should do what you have in mind.

      • (Score: 2) by frojack on Thursday August 11 2016, @01:39AM

        by frojack (1554) on Thursday August 11 2016, @01:39AM (#386475) Journal

        Late versions of Virtualbox run headless with no drama. (at least in linux)

        VBoxManage startvm "VM name" --type headless

        I prefer to talk to mine with vnc, as it at least pretends to be secure.

        --
        No, you are mistaken. I've always had this sig.
    • (Score: 0) by Anonymous Coward on Thursday August 11 2016, @01:38AM

      by Anonymous Coward on Thursday August 11 2016, @01:38AM (#386473)

      It takes some work, but you can do this: https://www.virtualbox.org/manual/ch04.html#seamlesswindows [virtualbox.org] VMWare and most others have a similar, but differently named, feature.
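
The workflow the comments above describe (roll back to a snapshot, start the VM headless, reach the browser with ssh -X over a host-only network) can be put together as one script. This is an added example, not code posted by any commenter; the VM name "browse-vm", snapshot name "clean", guest user and address "surf@192.168.56.10" and the browser command are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: disposable browsing session in a VirtualBox VM.
# All names below are assumed placeholders, not values from the thread.
VM="${VM:-browse-vm}"                 # hypothetical VM name
SNAP="${SNAP:-clean}"                 # hypothetical snapshot taken before any browsing
GUEST="${GUEST:-surf@192.168.56.10}"  # hypothetical guest user on the host-only network
BROWSER="${BROWSER:-firefox}"

# Print each command; execute it only when RUN=1 (the default is a dry run).
step() {
    printf '%s\n' "$*"
    if [ "${RUN:-0}" = "1" ]; then "$@"; fi
}

session() {
    # Roll back first as well: covers a previous session that ended
    # without its final restore (crash, closed terminal, locked VM).
    step VBoxManage snapshot "$VM" restore "$SNAP" || return 1
    step VBoxManage startvm "$VM" --type headless || return 1
    # -X as in the thread; avoid -Y, which gives the guest trusted access
    # to the host X server. ConnectionAttempts retries while sshd boots.
    step ssh -X -o ConnectTimeout=2 -o ConnectionAttempts=60 "$GUEST" "$BROWSER"
    # Hard power-off is acceptable here: the disk state is discarded anyway.
    step VBoxManage controlvm "$VM" poweroff
    step VBoxManage snapshot "$VM" restore "$SNAP"
}

# Dry run by default; run as "RUN=1 ./script" to execute the steps.
session
```

Run it once without RUN=1 to check the printed plan against your VM and snapshot names before letting it execute.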