jfreak,
My understanding is this problem has been fixed in Debian, or at least a temporary workaround since the root of the problem seems to lie with the web page implementation of SSL.
The best protection against this problem for Mint is probably using "noscript" in Firefox and a DHCP connection to the Internet where possible until the fix filters down to Ubuntu.
Fred
SSL NO LONGER SECURE
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
-
Fred
Re: SSL NO LONGER SECURE
Last edited by LockBot on Wed Dec 07, 2022 4:01 am, edited 1 time in total.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
Reason: Topic automatically closed 30 days after creation. New replies are no longer allowed.
-
Fred
Re: SSL NO LONGER SECURE
jfreak,
When I referred to a Debian fix/workaround I was referring to Iceweasel, not the operating system.
In order for a man-in-the middle to work there has to be someone there waiting. Hence the DHCP recommendation. Static ips attract bugs like sugar-water.
Noscript prevents running code in the browser, as the old attack you referred to required. I don't know about the new and improved version you talked about. I haven't seen it.
I am not saying you will be safe if you do these things, just that your odds are improved somewhat.
If you really feel paranoid, I would suggest you set up another user, (untrusted) with no privileges and run your browser, whatever it is, from that user account. Set your permissions so that the untrusted user doesn't have read/write access to your other user's data, but the other user has access to the untrusted user's data. Set the desktop folder of the untrusted user to root ownership and read only. Set the auto start folder to root ownership and read only. Regardless of what comes in on the browser it can't go anywhere, do anything, or destroy any data.
Fred
When I referred to a Debian fix/workaround I was referring to Iceweasel, not the operating system.
In order for a man-in-the middle to work there has to be someone there waiting. Hence the DHCP recommendation. Static ips attract bugs like sugar-water.
Noscript prevents running code in the browser, as the old attack you referred to required. I don't know about the new and improved version you talked about. I haven't seen it.
I am not saying you will be safe if you do these things, just that your odds are improved somewhat.
If you really feel paranoid, I would suggest you set up another user, (untrusted) with no privileges and run your browser, whatever it is, from that user account. Set your permissions so that the untrusted user doesn't have read/write access to your other user's data, but the other user has access to the untrusted user's data. Set the desktop folder of the untrusted user to root ownership and read only. Set the auto start folder to root ownership and read only. Regardless of what comes in on the browser it can't go anywhere, do anything, or destroy any data.
Fred
-
Fred
Re: SSL NO LONGER SECURE
jfreak,
Ahhh... one more challenge.
Thanks for the heads-up.
Isn't life grand!
Fred
Ahhh... one more challenge.
Thanks for the heads-up.
Isn't life grand!
Fred
-
Fred
Re: SSL NO LONGER SECURE
jfreak wrote:
Later,
Fred
Very good idea indeed.Now to find something to eat...
Later,
Fred
Re: SSL NO LONGER SECURE
jfreak,
thanks for the heads up on this!!
I don't do any online banking
and from what I've read here,
I'm not going to start
Fred,
your advice, as always, is good!
I use noscript religiously!
Cheers,
Deadguy
thanks for the heads up on this!!
I don't do any online banking
and from what I've read here,
I'm not going to start
Fred,
your advice, as always, is good!
I use noscript religiously!
Cheers,
Deadguy