Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

firefox is up/downloading something unauthorized-- logfiles non-proxy-use

1 view
Skip to first unread message

reve...@safe-mail.net

unread,
Sep 14, 2006, 5:25:06 AM9/14/06
to
Yes, I know that this forum is about crypto-stuff, but those who are using strong encryption should be very careful about what is happening when their data is clear.-

Situation:
My (new) router needs javascript and preferes Mozilla, so I installed firefox with bad feelings.
Privoxy-proxy was disabled in firefox and it was used only for that crappy router.
All configurable settings EXPLICITLY DISALLOW any updating (ask what to do, instead) and, of course, the startpage was that from the router, not from mozilla.

When fighting with shitty-xine, suddenly and without any question, firefox fetched or
transfered something to or from the internet and a short message said something from
"upgrading". Because the local-proxy was disabled for the local router, no log was used.
This is especially suspicious, because I just made all updates for my subdistri short ago.

I am deinstalling firefox now, as I can make a router-workaround in konqueror.

Another warning about user-agent-transmitting in Netscape clones:

I realized years ago in netscape 4.7-or-so, that deleting the user-agent-string
somewhere in netscape really forbid the transmission of the user-agent in normal-use,
but when a ssl-request is initiated from the webside another user-agent from another
netscape-program-location is transmitting the user-agent-string !
After searching and deleting that second user-agent-string with hexedit, that rat-hole
was filled; this still maybe the case today.

How did I checked the transmission of user-agent-string via ssl ?
I made an email-account at safe-mail.net and looked in the log-area of my own last-login.

Ideas of making a logfile for, at least, all that is send via what-ever-protocol towards
the internet ????

Even debian is not free of shitware......

stay aware, stay awake, stay alive, Reverend

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/


Christian Kujau

unread,
Sep 16, 2006, 7:22:23 AM9/16/06
to
On Thu, 14 Sep 2006, reve...@Safe-mail.net wrote:
> When fighting with shitty-xine, suddenly and without any question, firefox fetched or
> transfered something to or from the internet and a short message said something from
> "upgrading".

if firefox does something (upgrading) what it's not supposed to do (you
disabled auto-update, right? not sure if you have to restart ffox after
the change), file a bug @firefox bugzilla.

> After searching and deleting that second user-agent-string with hexedit, that rat-hole
> was filled; this still maybe the case today.

well, if you're curious about it: try it out ;-)

> Ideas of making a logfile for, at least, all that is send via what-ever-protocol towards
> the internet ????

Either strace(1) the mozilla process or tcpdump(8) the network traffic.

> Even debian is not free of shitware......

that's why we're all invited to make it better.

Christian.
--
BOFH excuse #63:

not properly grounded, please bury computer

0 new messages