Web browser security

From Lumeniki
Revision as of 05:51, December 2, 2018 by (Talk) (tl;dr)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

We not allowed to be puddin da mo' mpotent nformashuns in da wiggy artickles, so u gots to go loogg'n on the talk page.


On 05:51, December 2, 2018 (UTC) Lumeniki1ref worked though Torbrowser without javascript (highest security setting on the TorButton slider) but some Tor exit nodes are blocked so you have to get a new identity.

Get a computer that supports Qubes security features and maybe that will work but even if you reinstall the OS there may be no way to detect BIOS/firmware malware, although maybe BadBIOS is a myth.

LumenikiLu security advisory[edit]

This wiki may go unmoderated for long periods of time. Due to the low security standards of popular computer development, there are many browser exploits that may be used against you, if you open an untrusted webpage with an unmodified web browser. Most of this wiki is editable by anyone. Lumenos is not going to put any exploit in the wiki, but doesn't know how to prevent others from doing so, if it is/becomes possible to do so.

Links to malicious websites[edit]

Open wikis have a one unavoidable security vulnerability; anyone can put a link to any web page. A malicious web page can contain a browser exploit. The links with nothing beside them, link to this wiki, so Lumenos guesses that these should be safer (see "improving browser security", below). But links that have something next to them such as an arrow like "this" or a secure symbol like "this" (true of Firefox not Windows Internet Explorer) may lead to a web site with a browser exploit. Note that Lumenos usually puts links to secure Wikipedia, to raise awareness of this service. It may help protect passwords although it does not seem to use the secure server for images.

You can usually see where external links go by moving your pointer over the link and looking at what appears in the status bar. You may also want to disable JavaScript from altering the status bar text. In Firefox 3, you can find this option under Tools / Options / Content / (next to "Enable JavaScript") Advanced button / "Change the status bar text". If you use Internet Explorer and you're concerned about security (or stability) Lumenos suggests downloading a different browser and checking its identity certificate before installing.

Improving browser security[edit]


You are reading a MediaWiki wiki. According to Secunia's database, MediaWiki has a good track record of fixing vulnerablities [1], but we found this was not done regularly at Referata (although it seemed more up to date than other MediaWiki wiki farms other than the Wikia).

Kewl features![edit]

There is a good chance this does NOT include exploits a wiki editor is able to put an in a MediaWiki wiki. For example, the Wikipedia has some pages with Flash components. That may mean that any vulnerability of Flash can be used to exploit the Wikipedia.

Improving security[edit]

These may decrease the risk of a browser exploits:

  • Use a antivirus software with a virus shield/guard that is always running (there are free ones available with this feature). If you download one consider not installing it unless it has an identity certificate.
  • Get all security updates for your operating system and web browser.
  • Disable java in your web browser (you probably are not using it anyway).

Scripts and Flash[edit]

Disabling scripting should give you more safety but this can cause many sites not to work. It may also disable security features of certain sites. Scripting should be enabled when downloading/installing add-ons from the main Mozillia repository, Lumenos forgets why exactly, something like it doesn't verify the extension. But with most sites disabling scripting in Firefox will probably prevent Flash and a number of other spiffy security risks. The FlashBlock add-on is also useful to make Flash components only run if you click on them. However, downloading any unsigned software may put you at risk for a man-in-the-middle attack.


"Lumenos 19:06, August 15, 2009 (UTC) I heard that NoScript has been in competition with AdBlockPlus. That the NoScript author accepts payment, to allow sites to run scripts that can't be disabled. AdBlockPlus disabled some of these sites and they got into an arms race where NoScript was actually modifying the AdBlockPlus extention."