
Re: Dedicated admin account (was Re: Debians security features in comparison to Ubuntu)



Lucky you, but not everyone, especially outside of Germany, has access to secure technology for banking.



On 17 May 2014 19:03:41 CEST, Sven Bartscher <sven.bartscher@weltraumschlangen.de> wrote:
On Sat, 17 May 2014 18:57:35 +0200
Franz Brandl <franz.brandl@runbox.com> wrote:

May be off topic, but IMO one should use an OS booted from DVD or write protected USB Stick for online banking.

Assuming that no remote attacker can plug my HBCI-cardreader into the
USB-HUB, I think that is not necessary.
On 17 May 2014 18:50:42 CEST, Sven Bartscher <sven.bartscher@weltraumschlangen.de> wrote:
On Sun, 18 May 2014 01:36:44 +0900
Joel Rees <joel.rees@gmail.com> wrote:

There are more reasons than the X11 hole to refrain from using your
admin user to surf the web.

Just out of curiosity, what are these reasons?

Your browser and any plugins, addons, etc. that it loads, including
java, flash, java/ecmascript, and, well, any scripting language the
browser can be running, for starters.

Shoot, if my memory serves me, I seem to remember a class of
vulnerabilities that has never really been answered, involving pushing
keyboard loggers into the keyboard controller itself.

If you are worried about needing to find answers to admin problems by
searching the web, lynx helps somewhat. But I still restrict the
places I visit with lynx while running as an admin to my search engine
site, certain subdomains of debian.org, and such.

I'm not only worried about my admin account.
This is still a big security-hole for non-admins.

The web is not safe. If you do internet banking, at least make a
separate, dedicated account for that, too. And if you go places where
maybe you should not let yourself go, re-think your reasons for going.

So basically I would need one account for surfing, one for
online-banking, ssh(-agent) and other important stuff and an
admin-account. Some accounts I missed?

I know that's not gonna help, but I feel like there should be a better
way to isolate processes.

PS: Please don't CC me

Regards
Sven

--
This message was sent from my Android mobile phone with K-9 Mail.