Important: community effort to harden Ubuntu

[Welly Wu]

Thank you for the lesson. I do know it. I have many IT certifications:

CompTIA A+, Network, Security+, Cloud
(ISC)2 CISSP CBK
CEH
BSD, VM Ware, Ubuntu Certified Professional
MCSA

I admitted that I made a mistake in confusing HTTPS and TLS.

Ghostery and BetterPrivacy do allow me to delete LSOs and Flash cookies on demand or when I quit Mozilla Firefox, but Ghostery has its own online databases for cookies and 3pes which it automatically updates and maintains. This helps me to filter out new elements automatically across a wider expanse of the Internet. Better Privacy allows me to override the default Mozilla Firefox method of handling cookies altogether and it's for this specific reason that I chose to add it and I use it.

I am happy to report that I am not a high value target of an advanced persistent threat by anyone in this world who is trying to attack me. Perhaps that itself is the best security feature in my favor right now.

[vasa1]

I know that I'm not invincible! Where did you ever see me post that I am invincible?
...

Post #40 has this:

Now, I am fully protected and secure using Mozilla Firefox!

That would certainly give the impression the other poster got. And I agree with Stonecold that, after a point, having more extensions becomes meaningless if not detrimental.

[Welly Wu]

So, I take it that my fellow Ubuntu users are telling me that I am going overboard with the security features for Mozilla Firefox with an excessive number of extensions and plug-ins, correct?

Tell me what I should use and why and I will consider it.

[haqking]

Thank you for the lesson. I do know it. I have many IT certifications:

CompTIA A+, Network, Security+, Cloud
(ISC)2 CISSP CBK
CEH
BSD, VM Ware, Ubuntu Certified Professional
MCSA

I admitted that I made a mistake in confusing HTTPS and TLS.

.

I have seen your previous posts, I would get your money back for the above LOL

[Welly Wu]

I wish that were possible at this point, but more than 6 months has passed since my last IT certification.

I switched to Ubuntu on January 4th, 2012. Previously, I was using Microsoft Windows XP and 7 for the past 11 years and I used Microsoft Windows 1.0 through ME in the previous decades.

One thing that I noticed is that CompTIA Security+ and (ISC)2 CISSP CBK rarely delved into GNU/Linux or BSD. They would have a scant chapter or none at all. So, I have book knowledge, but I have had to undergo a pretty serious learning curve to acclimate to GNU/Linux.

I don't have any problems with hardening Microsoft Windows and I have Windows 8 Pro 64 bit. However, I rarely use it. I only use Windows when it comes time to do Microsoft Patch Tuesdays.

My biggest problem with GNU/Linux security is trying to find out the context for security tools. I read man pages all of the time, but I am so used to the Microsoft way of managing security tools and I've developed the Windows mindset that it's still difficult for me to get away from it when I use Ubuntu.

I'm much more concerned about crashes and Ubuntu 12.10 64 bit is not the most stable or polished release version yet. I don't plan to downgrade to an earlier version and I don't plan to re-install Ubuntu from scratch bare metal again. I don't plan to switch to another GNU/Linux distribution either. I want to be able to contact System76 to get help and support in the future if I have a problem.

I have a server focused security Windows mindset. I used to be a systems administrator and we had access to multi tens of millions of dollars worth of super computers and servers.

It's not easy getting away from that background because I've been doing it for so long.

Sometimes I think that I'm using Ubuntu Server instead of Desktop.

For now, I think that I'm going to stop adding extensions and plug-ins for Mozilla Firefox. That would be the best next step before I start creating problems for myself. Hell, I'm surprised that my existing list of extensions and plug-ins hasn't caused any major problems so far!

The last thing that I want to do is to invite a penetration tester or cracker to target me. I've got enough problems in my life right now.

[Welly Wu]

I've told enough people about my personal business, but nobody has any business asking me about my career background.

[Welly Wu]

CompTIA Security+ and (ISC)2 CISSP CBK were mandatory and required by my former employer. CEH was optional but recommended to get a glimpse into the other side's mindset, tools, procedures, and gathering intelligence and carefully documenting invaluable data to test systems. It got a bonus and a raise after presenting my IT certifications one at a time especially these three which are still in high demand.

My life is different now. I'm heading in a different educational and career path. I don't want to be held liable in a court of law for my own mistakes or someone else's collateral damage. I can't afford hiring my own legal defense team and litigating in different courts with different jurisdictions and even different laws, rules, and regulations. It's become too charged with defensive litigation and plantiffs launch lawsuits as a weapon of attack without asking questions first. This is what drove many private companies out of business over the years. It also got a lot of people laid off or fired or forced out of work. I lost a lot of friends and colleagues that wound up in those situations. I was next in line over time. It's not worth it any more as a career path. I've become too cynical and jaded.

I'll continue to research, register and enroll, purchase, study, and pay for IT certifications that I think have potential, but I don't plan to submit my former resume to an IT recruiter in the future. I'd rather have the book knowledge without the actual work experience to avoid being implicated in a lawsuit.

That's enough general information for now.

I'm still new to GNU/Linux. My biggest problem is putting my Microsoft mindset behind me, but I find that I can't do this just yet.

[KiwiNZ]

This thread has reached end of life and is rotating, so we all don't get giddy....thread closed