home.social

#securebrowser — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #securebrowser, aggregated by home.social.

  1. It has been a while since I’ve written about Avast, so today I give you “How insecure is Avast Secure Browser?”

    palant.info/2024/07/15/how-ins

    Note: This isn’t a vulnerability disclosure, merely an overview of problematic design decisions.

    TL;DR from the article: I wouldn’t run Avast Secure Browser on any real operating system, only inside a virtual machine containing no data whatsoever.

    Some highlights:

    • Eleven pre-installed browser extensions but only two visible to users.
    • Two extensions unnecessarily relax Content-Security-Policy protection.
    • One of these two extensions also requests all privileges possible, despite not actually using them.
    • Two extensions accept messages from any other extension and any Avast website, the latter without enforcing HTTPS connections.
    • One of these extensions, Privacy Guard (sic!), will expose information about your browser’s tabs via that messaging interface and provide updates as you browse the web.
    • The “onboarding” experience is designed as an extremely flexible way to nag you into using products that benefit Avast financially.
    • To make this “onboarding” work, the browser exposes internal APIs to a number of Avast domains that a huge number of third parties can put content on. Not only can each of these third parties abuse this access, a single XSS vulnerability will extend the access to any website on the internet (no effective CSP protection).

    Enjoy!

    #avast #avg #avira #ccleaner #securebrowser #infosec
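    The post's fourth point concerns an extension that answers messages from any other extension and from any Avast website, including over plain HTTP. Below is an added example of the sender check that closes both gaps; it is not code from the post, the linked article or Avast. The extension id and the web origin in the allow-lists are hypothetical placeholders, and the handler is called directly rather than registered on `chrome.runtime.onMessageExternal` so that it runs outside a browser.

```javascript
// Added example (not from the original post or from Avast): validating the
// sender of an external message before answering it. Both allow-lists below
// are hypothetical placeholders.

const ALLOWED_EXTENSION_IDS = new Set([
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", // hypothetical companion extension id
]);

const ALLOWED_WEB_ORIGINS = new Set([
  "https://example.test", // hypothetical first-party web origin (exact match)
]);

// Parse the sender's origin from the MessageSender fields a browser fills in:
// `origin` where available, otherwise the `url` of the sending document.
// Returns a URL object, or null when neither field is usable.
function senderOrigin(sender) {
  if (!sender) return null;
  const raw = typeof sender.origin === "string" ? sender.origin : sender.url;
  if (typeof raw !== "string") return null;
  try {
    return new URL(raw);
  } catch {
    return null;
  }
}

// True only for an allow-listed extension (its id is the host part of a
// chrome-extension:// URL) or an allow-listed web origin reached over HTTPS.
// Exact origin matching means that an http:// copy of the site, or a
// subdomain that a third party can put content on, is rejected.
function isTrustedSender(sender) {
  const url = senderOrigin(sender);
  if (url === null) return false;
  if (url.protocol === "chrome-extension:") {
    return ALLOWED_EXTENSION_IDS.has(url.hostname);
  }
  return url.protocol === "https:" && ALLOWED_WEB_ORIGINS.has(url.origin);
}

// Handle one inbound message. Returns the reply object, or null when the
// sender is rejected; a rejected sender gets no reply at all, so it also
// learns nothing about which message types the endpoint understands.
function handleExternalMessage(message, sender) {
  if (!isTrustedSender(sender)) return null;
  const type = message && typeof message === "object" ? message.type : undefined;
  if (type === "ping") return { type: "pong" };
  return { error: "unknown message type" };
}
```

    The runtime check is defence in depth: the manifest's `externally_connectable` key (its `matches` and `ids` entries) already limits who can open a channel, but a pattern such as a wildcard over a whole domain would still admit the third-party-hosted subdomains the post describes, so the handler re-checks the exact origin and scheme on every message.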

  2. Chrome is known for its speed and performance; Firefox, on the other hand, emphasizes user privacy and security. Here's a more detailed comparison windows101tricks.com/firefox-c

  7. If you are into #kolektiva stuff or #union work or against the fascisti and looking around the web, #tailsos is a good option. Running off a USB, malicious sites can't harm your hard drive.

    Not everyone can be an expert but everyone should master the #infosec #infosecbasics. Read all about it.

    We are proudly amateurs so this is not really a #Mastodon #protip

    Long live amateurism.

    Please at least understand the concept of #tails #securebrowser here: distrowatch.com/table.php?dist

  12. BLOCKING PROTOCOL - A FLAW
    The blocking flowchart presents you with an option to send a copy of the report to the admin of the domain hosting the contact which triggered the report.

    I checked out the domain of some of the sites associated with my reports and on at least one of them the admin was indeed the same party that sent the harassing tweet.

    So - automatically reporting to their admin won't necessarily do much good. OTOH it probably won't do much in the way of harm EXCEPT that they get a copy of your comments.

    The safest procedure, if you know what you are doing, is to open up #Tor or a similar #securebrowser or work from a #VPN and a dedicated browser or #virtualmachine and click the link and look at the site in question. If the admin is the one sending the harassing toots, you might want to think twice...

    I did see this.

    Also, said admin had multiple alternate accounts, so tweets from any one of them might not be so obviously from their admin.

    Be advised.
