Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Browsers should SLOW DOWN their release cycle and release Secure debugged software

  • 1 réponse
  • 0 a ce problème
  • Dernière réponse par Victor

more options

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

I think browsers should slow down their release cycle and release secure and debugged software. Take the time to fuzz, use static and dynamic security checkers. Maybe a release every 3 months. I am tired of re-imaging and switching between browsers to escape hackers.

Toutes les réponses (1)

more options

There are only 3 things that interact with the network on my Fedora system: chronyd (clock sync), system-resolvd (DNS) and the Browser. I have disabled chronyd; my system is new and clock battery is good. And I have an infallible security detector: my USB Ethernet adapter with traffic indicator. If I see a prolonged stream of traffic of a minute or two, when I have not clicked on a link, a page, or load a web site, then it could mean only 2 things: that the dns resolver is being hacked or it is the browser. DNS resolver is reputed to be pretty hard to hack. And browsers has security fixes with EVERY version. What would you guess is the culprit attack vector?

I use firejail with the x11 setting enabled. So there is a buffer against key-loggers and screen grabbers. And the x11 buffer is virtual, starts up like new on every restart of the browser. So I should be reasonably safe (I guess). But that does not excuse any vulnerabilities in the browser.

I cannot prove the attack with a PoC, I am not a white hat vulnerability researcher, just an ordinary admin. But I do hold a Security+ cert. Granted the attack may involve other pieces. But the browser is the most likely entry point. And that should not happen. Somebody should hold the browser vendor accountable. There is no un-hackable software, true, but they have to prove their due diligence has been done, and post code audit results with every release.

Cela vous a-t-il été utile ?

Poser une question

Vous devez vous identifier avec votre compte pour répondre aux messages. Veuillez poser une nouvelle question, si vous n’avez pas encore de compte.