Security On Http Sites

Discussion in 'Software' started by Silverthunder, Oct 24, 2019.

Thread Status:
Not open for further replies.
  1. Silverthunder

    Silverthunder Sergeant

    I would like to know how I can use http sites more safely.
    Here is the site in question:
    http://www.early-retirement.org
    I installed an extension called https everywhere. However, that doesn't seem to do the trick.

    The other idea that I have is to hit my neighbor's wifi (my ISP allows me to do this) from an OS that doesn't write data to my drive. That basically reduces the risk to root kits, right?

    Edit: maybe virtual machine?
     
    Silverthunder, Oct 24, 2019
    #1
  2. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    In the US, it is illegal to use internet in the name of and paid for by another customer.
    I'm curious who your ISP is and in what country.

    You misunderstand https everywhere.
    It automatically makes websites use a more secure HTTPS connection instead of HTTP, if they support it.
    Source: https://en.wikipedia.org/wiki/HTTPS_Everywhere
    If a site doesn't support https, then it can't be used.

    Have a good av and malware protector. Have a router on your home network, which also has a firewall. If the site looks dodgy, back out of there. (My paid malwarebytes prevents me from going to sites deemed unsafe. I can override but I rarely do.) Turn off javascript and have an ad blocker because some ads contain malware.
     
    plodr, Oct 24, 2019
    #2
    Silverthunder likes this.
  3. Silverthunder

    Silverthunder Sergeant

    I have Xfinity. As I understand, they have their customers' routers as wifi hot spots for other customers. One of my neighbors seems to have theirs turned on for that.

    AV / Malwarebytes are not generally used for linux home computers. My guess is that they wouldn't do much vs a reasonable man in the middle attack.
    Turning off Javascript does seem like a good idea. If I remember correctly, Flash player is another thing to turn off. I might actually just use Lynx (web browser), because I think it doesn't have those things at all.
     
    Silverthunder, Oct 24, 2019
    #3
  4. Earthling

    Earthling Interplanetary Geek

    You can always submit a site to VirusTotal before diving in. It's another string to your bow if you don't mind mixed metaphors ;)
     
    Earthling, Oct 24, 2019
    #4
  5. Earthling

    Earthling Interplanetary Geek

    Another way of bumping up your defences is to sandbox what you are doing. A sandbox contains everything you do until you exit, when it is discarded. Win 10 has one built in but they can be added to earlier versions.
     
    Earthling, Oct 24, 2019
    #5
    Silverthunder likes this.
  6. Eldon

    Eldon Major Geek Extraordinaire

    Eldon, Oct 25, 2019
    #6
  7. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    In fact, you aren't actually using your neighbor's Xfinity internet. You are using one of Infinity's/Comcast's free wifi hotspots, which just happens to be near your home.
    Make images. If you get something weird (rootkit, data encryption), restore the image. It takes less time to restore an image than to try and clean up something or determine what patch/program/update is causing a problem.
     
    plodr, Oct 25, 2019
    #7
  8. Silverthunder

    Silverthunder Sergeant

    As I understand, customer routers are the way that the traffic moves. When Xfinity sends you a router, it's turned on. If Xfinity owns real estate around here where they house their router, that's news to me. I don't have any serious networking equipment (like a large antennae) so Xfinity's real estate would have to be quite nearby. So, I am pretty sure that they are using customers' routers. Perhaps it's in a well implemented way.

    That is an option but issues don't jump out and announce themselves right away necessarily. Good malware often has the goal of growing its influence instead of insta bragging.

    ----
    I hadn't realized how many sites are non-https. It's truely eye opening.
    I am going to try blocking them all, using https everywhere (not the default setting but I set it).
    I will sandbox or virtual machine them.
     
    Silverthunder, Oct 30, 2019
    #8
  9. appsian

    appsian Private E-2

    In terms of security, HTTP is completely fine when browsing the web. It only becomes an issue when you're entering sensitive data into form fields on a website. If you're entering sensitive data into an HTTP web page, that data is transmitted in cleartext and can be read by anyone.
     
    appsian, Feb 10, 2021
    #9
    Replicator likes this.
  10. Eldon

    Eldon Major Geek Extraordinaire

    This thread is more than a year old...
     
    Eldon, Feb 10, 2021
    #10
    plodr likes this.
  11. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    I just found a 3 year old thread and a 4 year old thread that someone had raised from the dead!
    Perhaps lock threads that old so no one can offer suggestions. Things change a lot in that time period.
     
    plodr, Feb 10, 2021
    #11
    Eldon likes this.
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sigh.....
     
    TimW, Feb 10, 2021
    #12
    plodr likes this.
Thread Status:
Not open for further replies.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds