[ale] nailing down firefox security and privacy - PT 1
wes smith
james007wjs at gmail.com
Wed Oct 12 13:19:44 EDT 2011
> It seems that Ron thinks that an open wireless network somehow conveys
> implicit permission to use it---and this is a problem with a lot of
> society. They think the same thing. They think that if there isn't a
> safeguard in place on something that they have the entitlement to go
> through it.
>
Sadly people think that, people carelessly connect to an AP named "Free
internets", not a care in the world. Login to email, bank accounts, or
really anything that requires a username/password. Not even thinking twice
if the owner of AP is sniffing traffic or maybe someone upstream is.
And no, for the record, I don't feel that it is in any way unethical to
> do what I did, and if I were to, for whatever reason, be compelled to
> run an open network again, I would do the very same thing that I did
> before. It accomplished a very real goal: Unwelcome people only ever
> joined my wireless network a single time. They never, ever came back.
> It served its purpose, and it entertained me in the process. I see
> absolutely nothing wrong with that at all.
>
Then a user that uses torrents or kiddie porn, or uses open AP for illicit
entry point to the Internet, comes along and uses your open AP. Next thing
you know feds with MP5's are in your house, and you don't have the slightest
clue why.
If we were running Python in the browser, that'd be a little bit
> different since there is (at least to my knowledge) no truly sandboxed
> version of Python available. But JavaScript is virtually always
> sandboxed, and cannot do any real harm to your system.
>
JS sandboxed LOLWUT
XSS problems, no worries JS is sandboxed
http://nakedsecurity.sophos.com/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/
https://secure.wikimedia.org/wikipedia/en/wiki/Samy_%28XSS%29
And tell them why they shouldn't have ad blocking software installed,
> too. People keep that shit up, we'll have to pay for everything on the
> Internet out of our wallets, instead of just the things that aren't
> ad-supported. I suspect that you disagree with me on that, too.
> Wouldn't surprise me, when I had heavy traffic to my blog and I had
> Google AdWords on it (hey, they're quite non-intrusive), I had something
> like 99% of people blocking the ads. Everybody expects something for
> nothing these days.
>
Popups become annoying, ads that have sound in them annoying, forcefully
redirecting me their site annoying, Grow my dick how big...
Clearly Mike just doesn't wear a tinfoil hat. Https Everywhere plugin from
EFF is another excellent addon to have. Along with running multiple
profiles. I use one for all my regular Internet browsing, the other is more
restricted with no history all, being used for the tor network and I2P
network.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20111012/ac4ea6ba/attachment.html
More information about the Ale
mailing list