Re: Identity Theft

To: debian-user@lists.debian.org
Subject: Re: Identity Theft
From: rhkramer@gmail.com
Date: Tue, 21 Dec 2021 12:29:38 -0500
Message-id: <[🔎] 202112211229.38977.rhkramer@gmail.com>
In-reply-to: <[🔎] 2ad10acb-8114-f6e1-2173-adab99fd3bda@ardley.org>
References: <[🔎] 202112201032.31524.rhkramer@gmail.com> <[🔎] 8c360b4c-42fb-f7de-96ab-b6958c31e2f9@ardley.org> <[🔎] 2ad10acb-8114-f6e1-2173-adab99fd3bda@ardley.org>

On Monday, December 20, 2021 09:13:07 PM Jeremy Ardley wrote:
> On 21/12/21 10:09 am, Jeremy Ardley wrote:s.
> 
> > There is a type of attack called cross-site scripting (XSS). It's
> > mostly been eliminated by latest version browsers, but there are
> > always zero-day vulnerabilities.
> > 
> > The effect is that if you are vulnerable and have two tabs open, one
> > to the legitimate site, and one to a bad guy site, the bad guy can
> > alter your trusted site and for instance change a valid link into
> > something malicious, or change a displayed phone number.
> > 
> > More at https://owasp.org/www-community/attacks/xss/
> 
> You can mitigate XSS by having a single browser that is used solely to
> access high value sites. e.g. if you routinely run Firefox, have a copy
> of Vivaldi that you use to access your banks - one at a time.

I have an almost up-to-date copy of Firefox that I use for my high value 
sites, and that is the copy of Firefox that I used at the time.

Reply to:

References:
- Identity Theft
  - From: rhkramer@gmail.com
- Re: Identity Theft
  - From: Jeremy Ardley <jeremy@ardley.org>
- Re: Identity Theft
  - From: Jeremy Ardley <jeremy@ardley.org>

Prev by Date: Re: Identity Theft
Next by Date: Re: Identity Theft
Previous by thread: Re: Identity Theft
Next by thread: Re: Identity Theft
Index(es):
- Date
- Thread