Every browser has strengths and weaknesses, and the ‘best’ is the one that does what you want, the way you want to do it. There are still sites that I need to access that will only work correctly with IE, so I have to use it once a month to deal with that issue to pay a bill. C’est la vie 🙁

I like Chrome, but I just don’t trust Google, so I don’t use it whenever I can avoid it.

Yes, people are catching on to what’s really going on, and they are not happy about it. Those groups and organizations that have been warning about the problems are starting to benefit from the backlash.

One of the other reasons I prefer FF is because of teh EFF’s HTTPS Everywhere (which is now in Beta for Chrome based browsers). 🙂

Mozilla had removed the old padlock icon from the FF address bar used to indicate secure (HTTPS) or non-secure (HTTP) protocol/addresses. FF now has the padlock back, and also tints the left side of the address bar green or blue. If you mouse-over the padlock, it will tell you who the Verification Authority for the HTTPS is (if there is one). Nice. 🙂

PS: I see that the EFF’s new member drive was very successful! 2479 new paid-up members, thanks to the NSA!! Yayyy! And the TeaBaggers say Gov is no good for Business! LMAO

If I’m suspicious (or curious) about a site, I use a ripper/spider (Teleport Ultra). It has some very useful features that make it a good tool for the security toolbox. 🙂 It will parse the Java/JS of a site and grab any links in the code for one thing. Though I have and do use wget for some things. Even on Win. I use it to gram the M$ updates actually. 🙂

Regarding going to sites that I am dubious about, I usually wget them and examine the HTML for suspicious things ;). Then if I think it’s legit I’ll snapshot a virtual machine and go to it from the virtual machine — then roll back the virtual machine once I’m done just in case. Now that I have my new (to me) server with 48 gigabytes of memory and 24 terabytes of storage and dual quad-core Westmeres (yes, two generations old thus why the bare chassis and motherboard was being sold for pocket change, but still works fine), I can spin up virtual machines like crazy without even breaking a sweat memory and storage-wise.

On this machine I dump history, cache, cookies, etc. every night at shut-down, and that is because of the annoying ads for things I’ve looked at during the day that keep popping up wherever I go. It is only slightly inconvenient to sign in daily. but not as annoying as adds for something my Mother asked me to look at for her. A man can only handle so many Engelbert Humperdinck ads before mayhem ensues.

If I was still working on a regular basis, I would go full bunker on connecting. and be on a VPN, but I don’t need to do that anymore.

Yayyyy… About time that useless throwback *blink* is gone! And good riddance to bad rubbish! 😀

Every browser that’s updated breaks things. *shrug* And IE is the worst offender in that group. 🙂 What I like about FF is that I can get into it deeply and fix things myself. And yes, I know I’m in a minority there. Hell, I still use the ‘CustomizeGoogle 0.76’ extension, even though Google pressured the developer & Mozilla to kill it. It’s officially unsupported since 2008 (FF 4 or thereabouts) and Mozilla removed the ability (officially) to disable FF extensions version checking since about v17. But of course someone created a small extension to add the code back into FF to re-enable that option. 😆 I find that CG is one of the most important extensions for FF I use! The main reasons are that it anonymizes the Google cookie UID, creates bogus GAnalytics cookies, forces all Google sites to use HTTPS (Search, GMail, News, Images, Groups, products, Books, etc), and a great feature for my searching is that it add’s links to other search engines, Google’s Cache and the Wayback Machine. It’s a shame the developer was forced to stop developing it. But it still does most of what I need.

Extensions I use include: Adblock Plus/ABP Popup Addon/ABP Element Hiding Helper, Better Privacy, NoScript, Ghostery, UA Switcher, RefControl, Masking Agent, MaskMe, FlashBlock, Facebook Disconnect, Cookies Manager+, Clear Console, Extended Statusbar, Session Manager, Memory Fox, MAFF + UnMHT, TooManyTabs, & very strong password manager. 🙂

I also use HostsMan to modify my hosts file to block (redirect to 127.0.0.1 – ‘localhost’) about 47,000 bad or very annoying sites which speeds up my browsing a lot. If I ever *need* to visit or use one of those blocked sites, I can easily temporarily disable the hosts with just a button. I use these list mainly (plus a bunch of my own IP’s): MVPS, hpHosts (Ad & Tracking servers), Peter Lowe’s AdServer List, Cameleon, Malware Domain List. These are all independently validated and have been around for years. One of the great features of HostsMan (apart from being free), is that it removes all dupe’s, changes 0.0.0.0 -> 127.0.0.1 in the lists, and rearranges the Hosts file to put several domain’s per line to speed things up even more. You might think it would be slow because Hosts would be huge, but with the optimizations via HostsMan, it’s less than 1MB (without HM, it’s over 1,5MB). HM also manages the DNS client service (things like flushing the cache when it get’s polluted or old).

All that said, I also use Opera (v15), Chromium (v30) and even IE 9/10 (oh, and when I get really paranoid or I just *feel the need for speeeeed*, I use QtWeb & PaleMoon!) 😉 😆

I use whatever is necessary for my needs at any given time. If it works (the way I want), I’ll use it. 🙂

Also, people who use Tor, if they had updated when advised (June 26th) to v2.3.25-10, wouldn’t have been vulnerable to that exploit, and kudo’s to Tor for actually being ahead of that exploit. 🙂 If people didn’t take the advisory seriously… That’s their problem. *shrug*

I’m a beta tester (*official* beta tester I mean) for a few companies. At the moment, I am testing “Internet Security 2014 Beta’ for F-Secure, Zemana AntiLogger v2 beta, and another I can’t name (NDA). I’ve been beta testing s/w for more than 20 years (I was an official developer for Netscape Comm’s early 90’s until they lost the plot and I waved bye-bye. I told them they wouldn’t last long. *shrug*).

Hell, I still receive the Apple Security-announce Digest (currently Vol 10, Issue 15, plus the weekly Apple/HP/others Support Updates), SCAMwatch alerts and several other security digests. So I *know* what’s going on, and I am very good at patterns and trends analysis. 🙂 Forewarned is forearmed. 😉

I’ve never had a compromised system (not just home, that’s easy, but companies I’ve had or worked for, including 2 ISP’s). I take security *very* seriously, and people who give it lip-service, deserve what they get IMHO. It’s an evil, nasty World. Get used to it. *shrug*

I used to get paid a *lot* of money to do security audits (my last one was over $120k + expenses for an Insurance company a decade or so ago). I got tired of all the traveling and stupid internal politics and incredible ignorance of supposed *experts*! I also got tired of doing the work, and having it tossed in a corner because all they wanted was to be able to say to the regulators they’d had an audit done and it’s all good. I did an audit for a major Bank regarding credit fraud. At that time, they were handling around 9% fraud. I did the work and showed them how they could lower that to less than 4%, and I was told by a Director that they could live with 14% fraud because they just pass it on to the stupid customers and it’s not worth their wasting profit’s on until it get’s higher than that!

I got very tired of working my ass off to tell companies how to keep themselves & more importantly (to me), their customers safe, only to be told “Thanks. But we can afford it. Don’t let the door hit you on the way out.” What they mean is “We can afford it because our customers are powerless and stupid and we just pass the cost on to them. No problem.”

My main system here has my OS, app’s and data stored in TrueCrypt redundant hidden volumes using Twofish-Serpent cyphers in cascade, & Whirlpool (ISO, or 3rd gen) hash. It uses a hardware key which has to be connected to authenticate (but it looks like another *ordinary* device and I have several that are just that. Obfuscation is important in security), even if the passwords are known. I have redundant copies of the key (hardware does fail).

See… paranoid! 😈 😆

With good reason.

As for why not use newer versions of Firefox, they break too much stuff. Why, they even removed the blink tag from the newest version! I find the latest Firefox to be utterly useless. I have better luck viewing sites with Internet Exploder 10 than Firefox 22, that’s how bad it is.

Touché! 🙂

govts and corps would be who i had in mind when i said bad guys.

Who still uses V17? The ‘bad guys’ and ‘tourists’, Kryten. The BGs don’t take the time to keep things up-to-date, and the ‘tourists’ don’t realize they should. FF does it automatically unless you stop it, so there really is no excuse, not to be current on everything.

People who don’t update their software are the breeding ground for malware. Even worse are the ISPs who don’t stay current with patches. Most software providers patch as soon as they become aware of a problem, but if their users don’t update, the script-kiddies can play.

I have people who continue to send me HTML e-mails, even though I made it plain that I wouldn’t look at them as anything but text, because I’m not interested in cleaning up after a virus. A couple of these people have forwarded malware to me, and I have called to tell them they need to contact the people they sent it to and apologize for being stupid. They are the kind of people who use the free anti-virus software supplied by their ISPs, and never upgrade their machines.

If I intended to do something strange, I certainly wouldn’t do it with my equipment, when there are so many other options available.

I wonder how many ‘Net cafés got droned as a result of that conference call?