Results 1 to 7 of 7

Thread: Is Internet Surfing Safe? - Losing Grip

  1. #1
    Join Date
    Oct 2008
    Location
    UK
    Beans
    1,107
    Distro
    Ubuntu 13.04 Raring Ringtail

    Is Internet Surfing Safe? - Losing Grip

    I've been trying to keep up with the Shellshock issue mainly on this forum and others but admit I'm starting to lose grip on my personal risk; i.e. a layperson who uses 14.04 as a Desktop mainly for Surfing and email. I get the impression the main worry is in the SERVER environment with remote SSH use but I'm probably wrong. I have read on an Apple site a recommendation to stop all internet Banking activity (and general 'buying' on the internet) - I assume this is because some web sites use security protocols during the transaction stage. I am updating all the time and am up to date - following one of the Security threads, my Bash is 4.3-7ubuntu1.3. However, as a Desktop user, am I safe to do internet Banking and financial transactions (e.g. buying things using credit cards/paypal)?

  2. #2
    Join Date
    Mar 2010
    Location
    Metro-ATL
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Is Internet Surfing Safe? - Losing Grip

    Your question is similar to whether it is safe to cross a busy street or not.

    I will say that using Ubuntu is safer than doing it in an alternative way, but I still boot into a liveCD, as recommended by Brian Krebbs, to do any financial banking/broker logins. I don't use paypal - too many flaws in that system for me. Buying stuff online I use 1 credit card just for that purpose and only from reputable sites - almost always. About once a year, I'll take a chance on an unheard company purchase online.

    The recent bash issue doesn't matter to users who don't have any servers running or don't allow other people access to their systems. OTOH, it isn't like patching is hard.

    Being paranoid is good. "THEY" aren't out to get YOU, but "THEY" are out to get everyone online who makes it easy to get. Stay patched.

    BTW, you know that HTTPS is a house of cards and that DNS is the foundation. People screw with their DNS without understanding how important it is to all secure connections online. An untrustworthy DNS can break all HTTPS security 100%. In many parts of the world, the local dictator runs the internet, DNS, and certificate signing authority. That means they pown almost every 'secured' connection online.

  3. #3
    Join Date
    Oct 2008
    Location
    UK
    Beans
    1,107
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Is Internet Surfing Safe? - Losing Grip

    Thank you - my ISP is TalkTalk (DNS wise) although I have recently switched to OpenDNS. However, re your comment about DNS understanding (mine is very little) would you say OpenDNS is a resonable service to port through?

  4. #4
    Join Date
    Mar 2010
    Location
    Metro-ATL
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Is Internet Surfing Safe? - Losing Grip

    http://krebsonsecurity.com/2012/07/b...-on-a-live-cd/ explains the liveCD for banking.
    Brian Krebs was at the Washington Post for many years, but has gone out on his own to do the sorts of in depth stories that makes my skin crawl. Interesting AND accurate reading.
    Also this week on NOVA, they did a story about hackers enough to scare an average person into never connecting their computers to a network again. Frontline has done something like that previously. pbs.org has those videos. Should be available worldwide.

  5. #5
    Join Date
    Nov 2011
    Beans
    1,371
    Distro
    Ubuntu Development Release

    Re: Is Internet Surfing Safe? - Losing Grip

    We have to trust/assume that those with the most to lose will be quick to patch their systems. Mainstream media are jumping on this because Bash is so widely used. It's that angle that makes it mainstream news. Exploitable bugs are found and patched all the time and most of us don't know it.

    Increased media attention, though, does not necessarily equate to increased risk.

    At least all the attention means corporate managers will probably think to ping IT to make sure they're doing their job.

  6. #6
    Join Date
    Dec 2005
    Location
    Western Australia
    Beans
    11,478
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Is Internet Surfing Safe? - Losing Grip

    The threat has been massively overstated - early media reports said that all Android phones were vulnerable (they don't use Bash so of course they are not vulnerable).

    If you continued to use the internet during Heartbleed, then you should be continuing to use the internet during Shellshock. It's mostly patched now, and the risk is to servers, not desktop users. Heartbleed was worse than Shellshock.
    I try to treat the cause, not the symptom. I avoid the terminal in instructions, unless it's easier or necessary. My instructions will work within the Ubuntu system, instead of breaking or subverting it. Those are the three guarantees to the helpee.

  7. #7
    Join Date
    Feb 2008
    Location
    In my skin.
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: Is Internet Surfing Safe? - Losing Grip

    Code:
    sudo apt-get autoremove
    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get dist-upgrade
    That should do it. And this:

    Quote Originally Posted by 3rdalbum View Post
    The threat has been massively overstated - early media reports said that all Android phones were vulnerable (they don't use Bash so of course they are not vulnerable).

    If you continued to use the internet during Heartbleed, then you should be continuing to use the internet during Shellshock. It's mostly patched now, and the risk is to servers, not desktop users. Heartbleed was worse than Shellshock.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •