[SATLUG] Re: Security

Ian R. Meinzen i.meinzen at ieee.org
Mon May 3 13:56:22 CDT 2004 

Eric Hobbs <erich at thinkspark.com> wrote
> On Sat, 2004-05-01 at 11:10, John Williams wrote:
> > Well, turning off cookies is not an option.  Even legit websites don't allow access with cookies off.
> > 
> > So, I loaded VmWare on my Windows XP Home computer.  I then loaded windows 2000 and windows XP in 2 seperate VM's.
> > 
> > I use one for checking email and official stuff on the net.
> > 
> > I use the other one for surfing, this way if there are BS cookies loaded (or trojans) they can't harvest passwords or personel info.  There is nothing in the VM for them to find>:-)  fsck the people writting this code...they are low lifes!
> > 
> > BTW, you can run linux or BSD in a VM with VmWare.  I know OpenBSD 3.4 works:-)
> 
> If you use Mozilla or Firefox, configure them to allow cookies from the
> originating site only, and have them prompt you before accepting the
> cookie.  That way, you get to deny/allow cookies however you wish.  If
> you check the "remember this setting" box when the cookie prompt comes
> up, you can deny or allow cookies from a particular site forever.
> Allowing only cookies from the "originating site only" drops most of the
> cookies associated with banner ads and other cruft right off the bat.
> 
> Sure, there's a bit of initial clicking involved, but after a short
> time, you won't be bothered much if you generally visit the same web
> sites day after day.  It's kind of like those personal firewalls on
> Windows: there's a bunch of clicking initial as you "train" the
> firewall, but it's not much bother after that.
> 
> --Eric
> 
> _______________________________________________
> Satlug mailing list
> Satlug at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug

I'd be a lil' careful about the "originating sites only".  I used it in
the past, but some sites require cookies from related, but differing
origin, sites.  The best example I've seen pop up is Hotmail.  IIRC, it
requires a cookie from passport.com, and if it's checked, you get an
error saying cookies aren't enabled.  I do the same thing as you, but
with all cookies enabled, then disable site cookies manually as I come
across them.  It takes a bit more time, but it ensures I don't have that
kind of trouble.

Ian

-- 
Ian R. Meinzen <i.meinzen at ieee.org>
I'll say it again for the logic impaired.
             -- Larry Wall

More information about the Satlug mailing list