GirlChat #453871


Re: Sharing the beauty and joy of LGs

Posted by jd420 on 2008-October-18 00:23:24 EDT, Saturday
In reply to Sharing the beauty and joy of LGs posted by familyman54 on 2008-October-17 09:01:40 EDT, Friday

BTW, if this was an inappropriate topic for me to raise here, I apologize in advance.

Yeah, pretty much - the rules even say "GC is not an image-trading facilitation site."

On the other hand, you did it tastefully enough that I'd guess the message is likely to be able to stay around, even if the only thing that someone can say to it without getting deleted is "GC is not a pic trading site." However, pointing out that you could walk into a bookstore, or pointing out that MOST search engines have an image search, is probably generic enough to avoid editing - not to mention, true.

Luckily, you did mention something which is much more appropriate for the board...

I have no clue as to their security levels, etc.

It's not the security level of the site, but the security level of your browser which matters. With a little tuneup, I could send hardcore child porn to the FBI without risk of reprisal, and the FBI's website is NOT exactly high on the list of "safe."

Conversely, GC's pretty tight, but with inadequate settings, I can turn pretty much any site on the internet into just about any sort of trap I'd like. Which means that, for a variety of reasons, you're going to have to make your browser impervious to every exploit some idiot dreamed up or discovered.

Just for an incomplete list of the basics...

- turn off scripting (js, java, activex, etc).

- turn off off-site images, if you load images at all.

- disallow cookies.

- disallow header redirects.

- disallow cross-site frames.

...are a few of the basics. Most of the tricks that are left will merely either harmlessly crash your browser or harmlessly deface the site they're added to, which are less serious. There may be other individual exploits, however - a billion and one buffer overflows are probably out there.

And finally...

- use a freakin' proxy. Preferably multiple, preferably capable of making an ssl connection, and pray they're not MiTM'ing your SSL. 'n yes, I think "pray" is the option you've got, which is a strong argument for multiple-hop proxy chaining, though SSL proxies ARE the best argument for the stupid idea of corporate-signed SSL certificates I've seen...

This will at least partially prevent the remote site from tracking you and attacking your machine directly.

Someone else will probably (hopefully?) come along and post actual full tutorials. Nonetheless, it's not so much a question of whether the site is safe (I could probably install a private BBS on flickr's servers without their management's consent, at least for a few hours 'till someone noticed, for instance)... it's a question of whether you're capable of sidling up to an unsafe site without any ill effects, because any site can be made unsafe.

'n from there, obviously, don't test your luck by going to 3v1l h4x0r sites that try to crack any machine that visits them, obviously.

