What risks of an Outdated Internet Browser?

If it doesn't relate to Debian, but you still want to share it, please do it here

Re: What risks of an Outdated Internet Browser?

Postby bester69 » 2017-10-21 00:57

My point, is
I dont think none in world is looking for a me to rapped me, isnt it?, I dont think none knows me, they dont know my ip, they dont know what its within my computer, and i dont think we both concur in same temporarily gap activity, language, or whatever... and given into my ip, and getting to listen and trying to operate me, when i can inmediatly close the browser or turn off the computer. I mean, to be rapped for someone, there must be a good reason for it. isn't it?? None with enought hacking knowledge was going to put such an efforts at sniffing trying to hacking me in anyway without knowing what is behind the router, there must be a known and good reason for it,i think you can get my point.. Perhaps if i were a knowed server bank, i could be worried to not being enought secured.

I see it really silly the critycal worry of having to update the browser in a linux system. It can't be infected in the code as we're talking about linux persmissions , to practical effects, the app is behaving as it was a hardware device or an old Livecd. And we dont put to update router's firmware everyday, dont we?. Its secure by itself in the same way as any linux apps, as long as they can't hack the user, they cant operate. I dont see it..Its similar to being infected by a virus. I think we've more chances to see The Loch Ness Monster that being hacked.. its just my feeling.. but somene said so about linux viruses, they exists, but none has never seen them, and none knows someone that has ever seen them.. i read that recently in a linux article :mrgreen: .

The only risk i see here with outdated browsers, might be with an infected addon ..supposing that's even possible (by exploiting a vulenerability browser's hole in remote and behing router).
User avatar
bester69
 
Posts: 987
Joined: 2015-04-02 13:15

Re: What risks of an Outdated Internet Browser?

Postby RU55EL » 2017-10-21 01:27

bester69 wrote:My point, is
I dont think none in world is looking for a me to rapped me, isnt it?[...]


OK. That is your opinion, and it is your choice to decide how important security is on your system.

bester69 wrote:I see it really silly the critycal worry of having to update the browser in a linux system. It can't be infected in the code as we're talking about linux persmissions , to practical effects, the app is behaving as it was a hardware device or an old Livecd.[...]


This is wrong! Every single Linux computer can be hacked! It might not be easy, and it is certainly not probable in many cases. To claim otherwise is wrong.


bester69 wrote:And we dont put to update router's firmware everyday, dont we?. [...]


This is true, at least with me. I check for router firmware updates every three months. I prefer DD-WRT firmware.

bester69 wrote:The only risk i see here with outdated browsers, might be with an infected addon ..supposing that's even possible (by exploiting a vulenerability browser's hole in remote and behing router.


Just because you can't see the risk or vulnerability, doesn't mean it doesn't exist.

My point is that it is your choice how much security you want to worry about. But, don't spread the idea that Linux isn't vulnerable. Don't mislead others into thinking there are no threats or vulnerabilities.
User avatar
RU55EL
 
Posts: 336
Joined: 2014-04-07 03:42
Location: /home/russel

Re: What risks of an Outdated Internet Browser?

Postby nnm » 2017-10-21 05:56

The problems lie not in outdated browsers but rather browsers not actively receiving security patches as holes are discovered. That, and poor browsing habits.
Debian 9 (Stretch)
Asus Vivobook S551LB
nnm
 
Posts: 16
Joined: 2017-10-07 10:11
Location: /dev/zero

Re: What risks of an Outdated Internet Browser?

Postby debiman » 2017-10-21 06:59

bester69, you asked a question.
you got some answers.
and now you're doing everything to disprove those answers.
it's like i said in that other thread: you won't listen to advice.

or maybe you just hope for someone to come along and say:
"It's OK. You have permission to run an outdated browser."
There. I said it.
Happy now?
User avatar
debiman
 
Posts: 1626
Joined: 2013-03-12 07:18

Re: What risks of an Outdated Internet Browser?

Postby nnm » 2017-10-21 07:51

debiman wrote:you won't listen to advice.

Hey, at least there is no jumbo sized screenshot in this thread (yet).
Debian 9 (Stretch)
Asus Vivobook S551LB
nnm
 
Posts: 16
Joined: 2017-10-07 10:11
Location: /dev/zero

Re: What risks of an Outdated Internet Browser?

Postby alan stone » 2017-10-21 08:17

Debian 8.9 32bit, WM: Openbox
Computers are like air conditioners. They work fine until you start opening windows. - Author Unknown
Programming is like sex. One mistake and you have to support it for the rest of your life. - Michael Sinz
User avatar
alan stone
 
Posts: 221
Joined: 2011-10-22 14:08
Location: In my body.

Re: What risks of an Outdated Internet Browser?

Postby bester69 » 2017-10-21 09:49

debiman wrote:bester69, you asked a question.
you got some answers.
and now you're doing everything to disprove those answers.
it's like i said in that other thread: you won't listen to advice.

or maybe you just hope for someone to come along and say:
"It's OK. You have permission to run an outdated browser."
There. I said it.
Happy now?

yeah, I like to listen all of your opinions and get some more feedback.. WIth all of it, I got my own conclusions, and will keep running my outdated browser (I know that conclusion is subversive and political incorrect, its just my character im like that in politics and life as well, just dont feel upset for it).
Listen all of your reasons and explanations, and I feel enought secure by using and oudated browser in linux.

Thanks for share yout thoughts. :wink:
User avatar
bester69
 
Posts: 987
Joined: 2015-04-02 13:15

Re: What risks of an Outdated Internet Browser?

Postby debiman » 2017-10-21 14:18

bester69 wrote:yeah, I like to listen all of your opinions and get some more feedback.. WIth all of it, I got my own conclusions, and will keep running my outdated browser (I know that conclusion is subversive and political incorrect, its just my character im like that in politics and life as well, just dont feel upset for it).
Listen all of your reasons and explanations, and I feel enought secure by using and oudated browser in linux.

my point precisely.
so why start this thread? (psst: rhethorical question, answer not desired!)
also, i'm not upset. i'm having fun :D

alan stone wrote:The Damn Vulnerable Linux distribution, which didn't include web browser software, is discontinued.

so... is it still safe to use it?
what if i separately install a browser (outdated or not)?
User avatar
debiman
 
Posts: 1626
Joined: 2013-03-12 07:18

Re: What risks of an Outdated Internet Browser?

Postby Thorny » 2017-10-21 14:55

debiman wrote:
alan stone wrote:The Damn Vulnerable Linux distribution, which didn't include web browser software, is discontinued.

debiman wrote:so... is it still safe to use it?
what if i separately install a browser (outdated or not)?

Since it was devised as a training system for university lectures teaching about security issues, I'd guess it is as secure as it ever was. Personally, I wouldn't connect it to the Internet. [Edit] Wait a moment, I had another thought, perhaps it would be good to use if you want to set up a honeypot. ;-)

The package list on that Distrowatch page lists Firefox 56.0.1 but if alan stone is more familiar with DVL, he may be correct. All I did was read the link provided. [Edit] Oops, upon reading it again I see the - in the column. Sorry for the noise.
Thorny
 
Posts: 346
Joined: 2011-02-27 13:40

Re: What risks of an Outdated Internet Browser?

Postby ruffwoof » 2017-10-21 15:10

Security is a process, not a product.

Security products try to instil a bad practice sense of feeling safe. For a single user home system it's better to have a mindset that your personal laptop/PC to be no different to using a public PC. Mindful that anything you do or store might be seen/changed/deleted/taken by someone else. Which involves keeping good copies (backups) elsewhere. And when it comes to doing banking approach that from another angle and strive to use a secure system ... such as a pristine liveCD booted read only system (runs in ram without even mounting any HDD's). In that context running older versions of browsers might be considered as being OK ,,, but perhaps not as good as a barrier as running with the latest version.

Isolation/separation is along the lines of how smartphones manage security. If a factory fresh browser session is used on one channel that connects directly to your bank, nowhere else before or after, then the age of the browser is less of a issue.
Debian oldstable, twm, yad, stalonetray
Acer Aspire M3201 (2GB), AMD Phenom X4
ruffwoof
 
Posts: 216
Joined: 2016-08-20 21:00

Re: What risks of an Outdated Internet Browser?

Postby bester69 » 2017-10-21 15:31

ruffwoof wrote:Security is a process, not a product.
...
Isolation/separation is along the lines of how smartphones manage security. If a factory fresh browser session is used on one channel that connects directly to your bank, nowhere else before or after, then the age of the browser is less of a issue.


In this case Isolation doesnt apply, as we're only considering the use of a browser with some vulnerabilies, not the rest of apps or system. I dont see the differnce between using and old livecd and an oudated browser, as long as the rest of the system keeps updated.

Still trying to figure it out how can they manipulate my browser by using any hole if they cant get/break any paswords account in my system.
What can they do in remote??:
- redireccting web for a phissing portal??,
- forcing the installing of hidden rootkit (bad addon)??,
- Getting access to my cloud account if im connected??

-->>I still dont know what are really the dangers we might face..im just guessing :shock:, If they can get access to my clou account, I might consider keep using an oudated browser, please I need clarification about it
User avatar
bester69
 
Posts: 987
Joined: 2015-04-02 13:15

Re: What risks of an Outdated Internet Browser?

Postby ruffwoof » 2017-10-21 16:26

The usual target vector is to use a vulnerability to execute code, typically where that code might download a small file/packet from the hackers web site, tries running that downloaded file ... in a repeated loop. Once running that looping sequence can have dug in deeply and propagated onto other systems within the same LAN very quickly, especially if the looping code is also sending out researched results (such that the next file downloaded can be refined to more specific targeting). Any security system is only as ever as strong as its weakest link. Once in, the strength of the rest of the systems external resilience to penetration is immaterial, little different to if the hacker was sitting at the PC with a command line prompt. Most systems have barriers to incoming traffic (firewall), but freely allow outgoing (and the associated response) traffic.

As a example Mozilla publish details about patched vulnerabilities and a hacker would typically scan those for cases of where "could execute arbitrary code" and focus in on writing code to exploit that. Then any visitor to one of the hackers web sites that indicated a earlier version of the browser might have that exploit deployed.
Debian oldstable, twm, yad, stalonetray
Acer Aspire M3201 (2GB), AMD Phenom X4
ruffwoof
 
Posts: 216
Joined: 2016-08-20 21:00

Re: What risks of an Outdated Internet Browser?

Postby stevepusser » 2017-10-21 19:30

Yes, bester69, why don't you check out the annual pwn2own contests and see how the winners typically crack and take over the target machines completely for big prizes? It's almost always with holes in browsers or browser plugins. Linux distros are usually the most resistant, but they have been pwned.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: Krita 3.3.2.1, Pale Moon 27.6.0, Audacity 2.2.0, mpv 0.27.0, Corebird 1.7.1, Firefox 57.0, SMPlayer 17.11.2
User avatar
stevepusser
 
Posts: 8938
Joined: 2009-10-06 05:53

Re: What risks of an Outdated Internet Browser?

Postby wizard10000 » 2017-10-21 19:47

I've been ready to call troll about twice in this thread. Beginning to think bester is an evil genius :mrgreen:
we see things not as they are, but as we are.
-- anais nin
User avatar
wizard10000
 
Posts: 1222
Joined: 2011-05-09 20:02
Location: everywhere i go, there i am!

Re: What risks of an Outdated Internet Browser?

Postby bester69 » 2017-10-21 20:26

stevepusser wrote:Yes, bester69, why don't you check out the annual pwn2own contests and see how the winners typically crack and take over the target machines completely for big prizes? It's almost always with holes in browsers or browser plugins. Linux distros are usually the most resistant, but they have been pwned.

Ok, AS allways your contributions are very usefull to me, this sounds very interesting.. I will take it a look..

thanks :)
User avatar
bester69
 
Posts: 987
Joined: 2015-04-02 13:15

PreviousNext

Return to Offtopic

Who is online

Users browsing this forum: No registered users and 1 guest

fashionable