Page 1 of 2

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 01:27
by RU55EL
bester69 wrote:My point, is
I dont think none in world is looking for a me to rapped me, isnt it?[...]
OK. That is your opinion, and it is your choice to decide how important security is on your system.
bester69 wrote:I see it really silly the critycal worry of having to update the browser in a linux system. It can't be infected in the code as we're talking about linux persmissions , to practical effects, the app is behaving as it was a hardware device or an old Livecd.[...]
This is wrong! Every single Linux computer can be hacked! It might not be easy, and it is certainly not probable in many cases. To claim otherwise is wrong.

bester69 wrote:And we dont put to update router's firmware everyday, dont we?. [...]
This is true, at least with me. I check for router firmware updates every three months. I prefer DD-WRT firmware.
bester69 wrote:The only risk i see here with outdated browsers, might be with an infected addon ..supposing that's even possible (by exploiting a vulenerability browser's hole in remote and behing router.
Just because you can't see the risk or vulnerability, doesn't mean it doesn't exist.

My point is that it is your choice how much security you want to worry about. But, don't spread the idea that Linux isn't vulnerable. Don't mislead others into thinking there are no threats or vulnerabilities.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 05:56
by nnm
The problems lie not in outdated browsers but rather browsers not actively receiving security patches as holes are discovered. That, and poor browsing habits.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 06:59
by debiman
bester69, you asked a question.
you got some answers.
and now you're doing everything to disprove those answers.
it's like i said in that other thread: you won't listen to advice.

or maybe you just hope for someone to come along and say:
"It's OK. You have permission to run an outdated browser."
There. I said it.
Happy now?

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 07:51
by nnm
debiman wrote:you won't listen to advice.
Hey, at least there is no jumbo sized screenshot in this thread (yet).

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 08:17
by alan stone

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 09:49
by bester69
debiman wrote:bester69, you asked a question.
you got some answers.
and now you're doing everything to disprove those answers.
it's like i said in that other thread: you won't listen to advice.

or maybe you just hope for someone to come along and say:
"It's OK. You have permission to run an outdated browser."
There. I said it.
Happy now?
yeah, I like to listen all of your opinions and get some more feedback.. WIth all of it, I got my own conclusions, and will keep running my outdated browser (I know that conclusion is subversive and political incorrect, its just my character im like that in politics and life as well, just dont feel upset for it).
Listen all of your reasons and explanations, and I feel enought secure by using and oudated browser in linux.

Thanks for share yout thoughts. :wink:

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 14:18
by debiman
bester69 wrote:yeah, I like to listen all of your opinions and get some more feedback.. WIth all of it, I got my own conclusions, and will keep running my outdated browser (I know that conclusion is subversive and political incorrect, its just my character im like that in politics and life as well, just dont feel upset for it).
Listen all of your reasons and explanations, and I feel enought secure by using and oudated browser in linux.
my point precisely.
so why start this thread? (psst: rhethorical question, answer not desired!)
also, i'm not upset. i'm having fun :D
alan stone wrote:The Damn Vulnerable Linux distribution, which didn't include web browser software, is discontinued.
so... is it still safe to use it?
what if i separately install a browser (outdated or not)?

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 14:55
by Thorny
debiman wrote:
alan stone wrote:The Damn Vulnerable Linux distribution, which didn't include web browser software, is discontinued.
debiman wrote:so... is it still safe to use it?
what if i separately install a browser (outdated or not)?
Since it was devised as a training system for university lectures teaching about security issues, I'd guess it is as secure as it ever was. Personally, I wouldn't connect it to the Internet. [Edit] Wait a moment, I had another thought, perhaps it would be good to use if you want to set up a honeypot. ;-)

The package list on that Distrowatch page lists Firefox 56.0.1 but if alan stone is more familiar with DVL, he may be correct. All I did was read the link provided. [Edit] Oops, upon reading it again I see the - in the column. Sorry for the noise.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 15:10
by ruffwoof
Security is a process, not a product.

Security products try to instil a bad practice sense of feeling safe. For a single user home system it's better to have a mindset that your personal laptop/PC to be no different to using a public PC. Mindful that anything you do or store might be seen/changed/deleted/taken by someone else. Which involves keeping good copies (backups) elsewhere. And when it comes to doing banking approach that from another angle and strive to use a secure system ... such as a pristine liveCD booted read only system (runs in ram without even mounting any HDD's). In that context running older versions of browsers might be considered as being OK ,,, but perhaps not as good as a barrier as running with the latest version.

Isolation/separation is along the lines of how smartphones manage security. If a factory fresh browser session is used on one channel that connects directly to your bank, nowhere else before or after, then the age of the browser is less of a issue.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 15:31
by bester69
ruffwoof wrote:Security is a process, not a product.
...
Isolation/separation is along the lines of how smartphones manage security. If a factory fresh browser session is used on one channel that connects directly to your bank, nowhere else before or after, then the age of the browser is less of a issue.
In this case Isolation doesnt apply, as we're only considering the use of a browser with some vulnerabilies, not the rest of apps or system. I dont see the differnce between using and old livecd and an oudated browser, as long as the rest of the system keeps updated.

Still trying to figure it out how can they manipulate my browser by using any hole if they cant get/break any paswords account in my system.
What can they do in remote??:
- redireccting web for a phissing portal??,
- forcing the installing of hidden rootkit (bad addon)??,
- Getting access to my cloud account if im connected??

-->>I still dont know what are really the dangers we might face..im just guessing :shock:, If they can get access to my clou account, I might consider keep using an oudated browser, please I need clarification about it

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 16:26
by ruffwoof
The usual target vector is to use a vulnerability to execute code, typically where that code might download a small file/packet from the hackers web site, tries running that downloaded file ... in a repeated loop. Once running that looping sequence can have dug in deeply and propagated onto other systems within the same LAN very quickly, especially if the looping code is also sending out researched results (such that the next file downloaded can be refined to more specific targeting). Any security system is only as ever as strong as its weakest link. Once in, the strength of the rest of the systems external resilience to penetration is immaterial, little different to if the hacker was sitting at the PC with a command line prompt. Most systems have barriers to incoming traffic (firewall), but freely allow outgoing (and the associated response) traffic.

As a example Mozilla publish details about patched vulnerabilities and a hacker would typically scan those for cases of where "could execute arbitrary code" and focus in on writing code to exploit that. Then any visitor to one of the hackers web sites that indicated a earlier version of the browser might have that exploit deployed.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 19:30
by stevepusser
Yes, bester69, why don't you check out the annual pwn2own contests and see how the winners typically crack and take over the target machines completely for big prizes? It's almost always with holes in browsers or browser plugins. Linux distros are usually the most resistant, but they have been pwned.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 20:26
by bester69
stevepusser wrote:Yes, bester69, why don't you check out the annual pwn2own contests and see how the winners typically crack and take over the target machines completely for big prizes? It's almost always with holes in browsers or browser plugins. Linux distros are usually the most resistant, but they have been pwned.
Ok, AS allways your contributions are very usefull to me, this sounds very interesting.. I will take it a look..

thanks :)

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 20:38
by HuangLao
Better yet, bester could post in a linux forum that he likes outdated browsers, then the IP could be backtraced. :roll:
These sites reveal everything about your browser including, plugins, your location, your current time etc...:
https://www.whoishostingthis.com/tools/user-agent/
https://www.doileak.com/
https://ipleak.net/

or you could go to this annual event and play with the big boys..,
https://www.blackhat.com/

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 22:51
by ruffwoof
HuangLao wrote:These sites reveal everything about your browser including, plugins, your location, your current time etc...:
https://www.whoishostingthis.com/tools/user-agent/
https://www.doileak.com/
https://ipleak.net/
Got my location ... down to a radius encompassing a 10 million population. IP was right, and time (UK). Many other things unseen as Javascript disabled (noscript). Debian running firefox-esr reported as
Your User Agent is:
Mozilla/5.0 (Linux; Android 5.1.1; Nexus 4 Build/LMY48T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.89 Mobile Safari/537.36
i.e. nothing like the actual due to spoofing my useragent to a Android Chrome lookalike.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-21 23:19
by bester69
With all comments said, I now feel safer using the oudated browser,
i see there is nothing to be afraid, in the same way i will keep letting the door of my apartment unlocked. It just common sense, at least my common sense, that perhaps is different to yours.

See my neightbour, he locks door even when he arrives at home and he's inside (i dont get it, perhaps he thinks badly of me :shock: ). Its an apartment, its second floor, its a small flat , we all know each other, there're two main doors before coming inside the flat, so its more or less the same than with my browser.

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-22 01:35
by stevepusser
Hey, what's your apartment number? And I have sent you a package with an amazing surprise inside, but you need to pick it up tomorrow across town at exactly 1:30 PM. :) :evil: :) :evil:

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-22 01:51
by HuangLao
LMAO Steve, that completely reflects your avatar.... :lol: :lol: :lol: :lol:

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-22 03:53
by alan stone
bester69 wrote:Listen all of your reasons and explanations, and I feel enought secure by using and oudated browser in linux.
bester69 wrote:See my neightbour, he locks door even when he arrives at home and he's inside (i dont get it, perhaps he thinks badly of me :shock: ). Its an apartment, its second floor, its a small flat , we all know each other, there're two main doors before coming inside the flat, so its more or less the same than with my browser.
A friendly suggestion: Provide a copy of this article and this article to your neigbour(s)/neigbourhood and kindly offer to share your Internet connection. You do use a Wi-Fi router - preferably an outdated one, don't you? :mrgreen:

Re: What risks of an Outdated Internet Browser?

Posted: 2017-10-22 04:06
by n_hologram
bester69 wrote:With all comments said, I now feel safer using the oudated browser,
i see there is nothing to be afraid, in the same way i will keep letting the door of my apartment unlocked. It just common sense, at least my common sense, that perhaps is different to yours.
This is a warning to anyone who believes that this user posts with the intention of actually listening.