The Dfg Show, Exploring The Limits of Security
Dfg
Admin
I have been buttfucked by the weather and life lately. It's fucking 33C outside and I am using Two CRT monitors right now this means I am just enjoying an unwanted baking. I used to do The Dfg Shows back on Z but I think they were lame and didn't have much punch and mostly they didn't have a theme. So, I though rather than flooding Totse why not compile the information on the fly and discuss it here.
Since the topics discussed here cover tech and everything else I decided to post this here. Any future threads will be created in this section.
It's Tuesday here and it's June 07 2011. Welcome to The Dfg Show, tonight we're going to explore the limits, the limits of security. I am going to condense an hour or content or more in one thread. Todays show is powered by Slashdot since I just checked 900 RSS feeds.
Facebook, I hate that fucking failure (Failure in terms of privacy not as a social networking platform) and it seems most of Totse.info users also hate it. If you're not a hater then check this out, Facebook caught exposing millions of user credentials Facebook has leaked access to millions of users' photographs, profiles and other personal information because of a years-old bug that overrides individual privacy settings, researchers from Symantec said.
Granted the bug was fixed and Facebook it enforce a two-factor Auth scheme Facebook users can now opt to have the company require that a one-time numeric code be entered along with their user name and password when a log-in attempt is made from devices that users haven't saved as approved ones. but it's quite I have to facepalm when I read what I actually to enter to make this work. Assholes require you to enter your cellphone. Why the hell would you hand out your cellphone number to someone who already pwned by you by being ignored about a bug that lets thirdy Party firms have access to your private data. You have to be an idiot if you still want to trust that piece of shit.
If you think I am being harsh about Facebook, you can see Facebook true colors by reading this Facebook Busted in Clumsy Smear on Google he social network secretly hired a PR firm to plant negative stories about the search giant, The Daily Beast's Dan Lyons reveals—a caper that is blowing up in their face, and escalating their war.
You see these guys are cunts, I mean how low can you go. Apparently in Facebook case very low.
On the other hand Google has been doing something good for a change. If you check the www.totse.info/cms page you will spot a Google +1 button. It's basically works like Facebook Like button. I thought it would be a good thing to implement it and keep things updated. It was hard I checked the code and tested in local server and then implemented the change. It works but you will need to login using Google Accounts.
Plus the feature is intended to visitors not local totse.info users. If you're a Developer and are using Google Developers tools you might get access to Google Cloud for Storage. It's called Google Storage it offers OAuth 2.0 support for simplified storage access and Support for objects up to 5 TB you can get free 5GB storage if you have a Google Account. You can activate it here. A WORD of caution, anything on cloud can be accessed if something goes wrong. You must encrypt your work before uploading it.
I am using my other Google Account to activate it and it's pretty simple. I just need to create a project and then enable features. Plus, I just got my Google API key which means I can enable more functions and add more features on Totse.info.
I shoudl mention that chinks (no offense Mayberry) are assholes. Google recently notified users about some phishing and malware attacks conducted by China hackers in order to get the good bits. The fault was from the user side in this case but luckily Google beefed up it's security.
While we're still on social networking side, why not discuss Twitter for a second. It seems not even the might Twitter can stand against the law. Twitter reveals secrets: Details of British users handed over in landmark case that could help Ryan Giggs For the first time, the American social networking site has bowed to a court action brought by a British group complaining that they were libelled in messages. words can't describe how much anger I have for these cunts. So, someone called them cunts and now they're forcing Twitter who tried to keep them at bay to release information regarding users and for because of this, people who breach super-injunctions or post libellous messages on Twitter. I ask you, is this necessary?
The world has moved on it seems, people have thin skins.
Act of War, do you consider that someone hacking your Country website or just exposing major flaws in your system (Sony) is basically something like declaring a war on that Country? Well the Pentagon things so The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
What his means it, if we tried to fuck with US they will just put on their hit list and call us nations Enemies. Apparently LulzSec which is a group behind numerous pwnages fingered FBI by hacking a company called Infragard. LulzSec claims FBI affiliate hacked, users and botnet use exposed LulzSec also hacked PBS and Sony websites.
If you look closely you can spot the failures quite easily. As a general rule nothing is secure. Any system that's up and running can be hacked and pwned at any time, it just needs some who wants to fuck you up. In this case an idiot CEO used the same password for other services and made the matters worse.
LulzSec didn't stop there, Hackers Attack Nintendo Nintendo Co. said Sunday that a server for its U.S. unit's website had been hacked but no company or customer information was compromised, marking the first time the Japanese gaming giant has been targeted in recent global hacking attacks. but they did mention "We sincerely hope Nintendo plugs the gap," plus I was following them on twitter. So, there is a good side to them after all.
It's funny seeing FBI in such a tight spot but if you read Bk thread you will think twice.
What's more alarming is the ease at which hackers or users can take care of strong passwords. Cheap GPUs are rendering strong passwords useless Think that your eight-character password consisting of lowercase characters, uppercase characters and a sprinkling of numbers is strong enough to protect you from a brute force attack?
F6&B is type password takes 7 hours. And we're taking about R5770. If you have a Quad SLI Setup with NVidia 580, you're basically screwing everyone over. This actually means that we must:
A) Start using 15+ length passwords.
Use different passwords for each service.
C) Look for more than one way to safeguarding out accounts.
Reading this, A brief Sony password analysis None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems.
It's a shocking report and honestly I just facepalmed hard reading it. Add this factor and you can see the GPU working in background would be flying through passwords. The Internet just got real. Based on this tool, most passwords used by totsean would be taken out in few hours. You were warned.
Webian Shell is this the new Chrome OS? I tried Chrome OS in VM and it wasn't that good at all. Now, Mozilla comes up with something close to Chrome OS. It's called Webian Shell.
[ame="
- Announcing Webian Shell 0.1[/ame]
It's basically a full screen browser that acts like a desktop. You can runs apps and do different stuff. It's a nice concept but only for users on Laptops or portable workstations. You can download it here and try it yourself.
There has been a lot of hacking going around lately. Even Apple iTunes is creating rumors now. iTunes hack widespread, and Apple appears to know about it "From the reports a pattern is emerging. Nearly every victim had a gift card balance on their account, and some have reported that their credit card and/or payment information had been removed from their account. This indicates that Apple likely is aware of the attacks, and is actively trying to protect its users."
Damn this world, basically it's an unknown hack or some kind of glitch. Users credit is getting used in some cases. This again shows how lazy the Security Techs are and how fast the World of security is changing. Just reading these reports gives me shivers.
Lets talk about Torrents for now. IP-Address Is Not a Person, BitTorrent Case Judge Says A possible landmark ruling in one of the mass-BitTorrent lawsuits in the U.S. may spell the end of the “pay-up-or-else-schemes” that have targeted over 100,000 Internet users in the last year. District Court Judge Harold Baker has denied a copyright holder the right to subpoena the ISPs of alleged copyright infringers, because an IP-address does not equal a person. You may ask how this is any good, you should read this then Biggest BitTorrent Downloading Case in U.S. History Targets 23,000 Defendants. I know this seems confusing and may be it's since the dates are up and down. The end result is, that only a handful of users got pwned or will get pwned but finally someone gets the basic point. If you post an IP it doesn't mean it points to you. An ISP reuses IP for different clients, so it's quite impossible to start pinning anyone down.
Windows 7, this is mainly a feature we're talking about. Ever tried connecting to a network, you will find out that Windows 7 will run checks and in the end tell you if you can connect to the Internet or not. But How does Windows know whether it has internet access or if a Wi-Fi connection requires in-browser authentication? Answer is simple, it just downloads a file from MS server.
But again this shows how things really are working in the background. Every time I connect my Internet MS might be getting updated IP lists.
I think I typed for an extended period of time and I am sure it will be a bitch for anyone to read this show. I will keep this one simple.
How WikiLeaks gags its own staff? Answer, with a penalty of "£12,000,000 – twelve million pounds sterling". You should read the document those Wikileaks cunts are doing dirty work in the background as well. It would be fair to take the view that WikiLeaks is nothing other a highly commercially charged enterprise, seeking to protect and maximise its earnings from selling information that has been leaked to it. If so, WikiLeaks is nothing other than a business.
Best Linux Distro For Computational Cluster?
Scientific Linux [Used in CERN]
RHEL
CentOS
Pa. lawsuit: Rental firm spies on users "A major furniture rental chain has software on its computers that lets it track the keystrokes, screenshots and even webcam images of customers while they use the devices at home, according to a lawsuit filed Tuesday." Fuck me sideways, rental computers with spying softwares.
Actually, PC Rental Agent includes components soldered into the computer's motherboard or otherwise physically attached to the PC's electronics, the lawsuit said. It therefore cannot be uninstalled and can only be deactivated using a wand, the suit said.
This is bullshit, Privacy invaders everywhere.
So, in the end everything is just fucked up. I am sorry for the long format but it's better than posting threads everywhere.
Enjoy this clip.
[ame=" v3.0 on Vimeo[/ame]
Feedback is always welcome.
Since the topics discussed here cover tech and everything else I decided to post this here. Any future threads will be created in this section.
It's Tuesday here and it's June 07 2011. Welcome to The Dfg Show, tonight we're going to explore the limits, the limits of security. I am going to condense an hour or content or more in one thread. Todays show is powered by Slashdot since I just checked 900 RSS feeds.
Facebook, I hate that fucking failure (Failure in terms of privacy not as a social networking platform) and it seems most of Totse.info users also hate it. If you're not a hater then check this out, Facebook caught exposing millions of user credentials Facebook has leaked access to millions of users' photographs, profiles and other personal information because of a years-old bug that overrides individual privacy settings, researchers from Symantec said.
Granted the bug was fixed and Facebook it enforce a two-factor Auth scheme Facebook users can now opt to have the company require that a one-time numeric code be entered along with their user name and password when a log-in attempt is made from devices that users haven't saved as approved ones. but it's quite I have to facepalm when I read what I actually to enter to make this work. Assholes require you to enter your cellphone. Why the hell would you hand out your cellphone number to someone who already pwned by you by being ignored about a bug that lets thirdy Party firms have access to your private data. You have to be an idiot if you still want to trust that piece of shit.
If you think I am being harsh about Facebook, you can see Facebook true colors by reading this Facebook Busted in Clumsy Smear on Google he social network secretly hired a PR firm to plant negative stories about the search giant, The Daily Beast's Dan Lyons reveals—a caper that is blowing up in their face, and escalating their war.
You see these guys are cunts, I mean how low can you go. Apparently in Facebook case very low.
On the other hand Google has been doing something good for a change. If you check the www.totse.info/cms page you will spot a Google +1 button. It's basically works like Facebook Like button. I thought it would be a good thing to implement it and keep things updated. It was hard I checked the code and tested in local server and then implemented the change. It works but you will need to login using Google Accounts.
Plus the feature is intended to visitors not local totse.info users. If you're a Developer and are using Google Developers tools you might get access to Google Cloud for Storage. It's called Google Storage it offers OAuth 2.0 support for simplified storage access and Support for objects up to 5 TB you can get free 5GB storage if you have a Google Account. You can activate it here. A WORD of caution, anything on cloud can be accessed if something goes wrong. You must encrypt your work before uploading it.
I am using my other Google Account to activate it and it's pretty simple. I just need to create a project and then enable features. Plus, I just got my Google API key which means I can enable more functions and add more features on Totse.info.
I shoudl mention that chinks (no offense Mayberry) are assholes. Google recently notified users about some phishing and malware attacks conducted by China hackers in order to get the good bits. The fault was from the user side in this case but luckily Google beefed up it's security.
While we're still on social networking side, why not discuss Twitter for a second. It seems not even the might Twitter can stand against the law. Twitter reveals secrets: Details of British users handed over in landmark case that could help Ryan Giggs For the first time, the American social networking site has bowed to a court action brought by a British group complaining that they were libelled in messages. words can't describe how much anger I have for these cunts. So, someone called them cunts and now they're forcing Twitter who tried to keep them at bay to release information regarding users and for because of this, people who breach super-injunctions or post libellous messages on Twitter. I ask you, is this necessary?
The world has moved on it seems, people have thin skins.
Act of War, do you consider that someone hacking your Country website or just exposing major flaws in your system (Sony) is basically something like declaring a war on that Country? Well the Pentagon things so The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.
What his means it, if we tried to fuck with US they will just put on their hit list and call us nations Enemies. Apparently LulzSec which is a group behind numerous pwnages fingered FBI by hacking a company called Infragard. LulzSec claims FBI affiliate hacked, users and botnet use exposed LulzSec also hacked PBS and Sony websites.
If you look closely you can spot the failures quite easily. As a general rule nothing is secure. Any system that's up and running can be hacked and pwned at any time, it just needs some who wants to fuck you up. In this case an idiot CEO used the same password for other services and made the matters worse.
Karim compromised his entire company and the personal lives of his colleagues, then attempted to silence us with promises of financial gain and mutual benefits ... [he] used the same password for all of his online accounts and all accounts linked to a company he owns. Then he tried to bargain with hackers so his company wouldn't crumble.
LulzSec didn't stop there, Hackers Attack Nintendo Nintendo Co. said Sunday that a server for its U.S. unit's website had been hacked but no company or customer information was compromised, marking the first time the Japanese gaming giant has been targeted in recent global hacking attacks. but they did mention "We sincerely hope Nintendo plugs the gap," plus I was following them on twitter. So, there is a good side to them after all.
It's funny seeing FBI in such a tight spot but if you read Bk thread you will think twice.
What's more alarming is the ease at which hackers or users can take care of strong passwords. Cheap GPUs are rendering strong passwords useless Think that your eight-character password consisting of lowercase characters, uppercase characters and a sprinkling of numbers is strong enough to protect you from a brute force attack?
F6&B is type password takes 7 hours. And we're taking about R5770. If you have a Quad SLI Setup with NVidia 580, you're basically screwing everyone over. This actually means that we must:
A) Start using 15+ length passwords.
Use different passwords for each service.C) Look for more than one way to safeguarding out accounts.
Reading this, A brief Sony password analysis None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems.
It's a shocking report and honestly I just facepalmed hard reading it. Add this factor and you can see the GPU working in background would be flying through passwords. The Internet just got real. Based on this tool, most passwords used by totsean would be taken out in few hours. You were warned.
Webian Shell is this the new Chrome OS? I tried Chrome OS in VM and it wasn't that good at all. Now, Mozilla comes up with something close to Chrome OS. It's called Webian Shell.
[ame="
- Announcing Webian Shell 0.1[/ame]It's basically a full screen browser that acts like a desktop. You can runs apps and do different stuff. It's a nice concept but only for users on Laptops or portable workstations. You can download it here and try it yourself.
There has been a lot of hacking going around lately. Even Apple iTunes is creating rumors now. iTunes hack widespread, and Apple appears to know about it "From the reports a pattern is emerging. Nearly every victim had a gift card balance on their account, and some have reported that their credit card and/or payment information had been removed from their account. This indicates that Apple likely is aware of the attacks, and is actively trying to protect its users."
Damn this world, basically it's an unknown hack or some kind of glitch. Users credit is getting used in some cases. This again shows how lazy the Security Techs are and how fast the World of security is changing. Just reading these reports gives me shivers.
Lets talk about Torrents for now. IP-Address Is Not a Person, BitTorrent Case Judge Says A possible landmark ruling in one of the mass-BitTorrent lawsuits in the U.S. may spell the end of the “pay-up-or-else-schemes” that have targeted over 100,000 Internet users in the last year. District Court Judge Harold Baker has denied a copyright holder the right to subpoena the ISPs of alleged copyright infringers, because an IP-address does not equal a person. You may ask how this is any good, you should read this then Biggest BitTorrent Downloading Case in U.S. History Targets 23,000 Defendants. I know this seems confusing and may be it's since the dates are up and down. The end result is, that only a handful of users got pwned or will get pwned but finally someone gets the basic point. If you post an IP it doesn't mean it points to you. An ISP reuses IP for different clients, so it's quite impossible to start pinning anyone down.
Windows 7, this is mainly a feature we're talking about. Ever tried connecting to a network, you will find out that Windows 7 will run checks and in the end tell you if you can connect to the Internet or not. But How does Windows know whether it has internet access or if a Wi-Fi connection requires in-browser authentication? Answer is simple, it just downloads a file from MS server.
- A request for DNS name resolution of dns.msftncsi.com
- A HTTP request for http://www.msftncsi.com/ncsi.txt returning 200 OK and the text Microsoft NCSI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
NlaSvc\Parameters\Internet\EnableActiveProbing
But again this shows how things really are working in the background. Every time I connect my Internet MS might be getting updated IP lists.
I think I typed for an extended period of time and I am sure it will be a bitch for anyone to read this show. I will keep this one simple.
How WikiLeaks gags its own staff? Answer, with a penalty of "£12,000,000 – twelve million pounds sterling". You should read the document those Wikileaks cunts are doing dirty work in the background as well. It would be fair to take the view that WikiLeaks is nothing other a highly commercially charged enterprise, seeking to protect and maximise its earnings from selling information that has been leaked to it. If so, WikiLeaks is nothing other than a business.
Best Linux Distro For Computational Cluster?
Scientific Linux [Used in CERN]
RHEL
CentOS
Pa. lawsuit: Rental firm spies on users "A major furniture rental chain has software on its computers that lets it track the keystrokes, screenshots and even webcam images of customers while they use the devices at home, according to a lawsuit filed Tuesday." Fuck me sideways, rental computers with spying softwares.
Actually, PC Rental Agent includes components soldered into the computer's motherboard or otherwise physically attached to the PC's electronics, the lawsuit said. It therefore cannot be uninstalled and can only be deactivated using a wand, the suit said.
This is bullshit, Privacy invaders everywhere.
So, in the end everything is just fucked up. I am sorry for the long format but it's better than posting threads everywhere.
Enjoy this clip.
[ame=" v3.0 on Vimeo[/ame]
Feedback is always welcome.
Comments
By definition, Facebook is anything but.
Dumbass.
(Failure in terms of privacy not as a social networking platform)
Facebook is a failure....
Security wise, which by the way, is what this thread is about.
lrn2think
Dumbass.
Facebook is a multibillion dollar company.
All dfg can do make a poor imitation of a formerly popular website.
Now which is the failure.
You are
Claim to be better than FB? I hate Fb but I don't recall saying it's better than etc. in this show.
Linux is incredibly insecure as a desktop operating system. The only reason we arn't being blown apart by Linux malware is because ATM the linux userbase is too small for commercially developed linux malware.
This gal here explains the whole concept. I've been thinking about this exact problem for a long time, but I guess a security expert might add a little credibility to the claim. Off course she's also advertising her own OS as the ultimate solution. However, the facts stay the same: Some time in the near future, somebody will have written and distributed the first effective piece of Linux malware, and it will destroy a lot of people's boxes. People who were convinced they were secure because of canonnical's propaganda. People who consider themselves "secure" because they are using Linux. People who arn't used to reacting to malware threats / infections.
At this moment, Windows 7 is the most secure desktop OS. By observing a couple simple rules (which we all should know by now), a Windows 7 box is incredibly difficult to compromise. On a Linux desktop, on the other hand, all it takes is somebody who wants to get in.
I agree with this, although Linux developers are commited but they can't compete with Windows Level of awareness. Being a Windows users you're already seen all types of attacks. Even Apple OS users were stunt when they were hit with malware. Not many MAc users knew what to do, same applies to Linux. Its just a ticking bomb waiting to explode. You can secure it all you want but if more and more mission critical companies move to Linux, we will see flooded of attacks that may or may not harm the growing Linux community. Just because it's says secure it doesn't mean it is secure.
Windows 7 is a pretty solid OS. Haven't encountered any real issues with it and plus any Window users already knows it's important to keep up with updates at all times.
I'm not sure selling your users private information to the highest bidder is exactly what I'd call a success story either.
What we're saying is, if Linmux gains majority it will be targetted in the same way, granted it might get patched faster but it might be hell if you're seeing multiple patches, plus these hackers know they're doing. They're pretty creative as well. Like using SEO they can easily get high page rank for AV, then the user downloads their AV which is infact a malware. Take that example and implement it on Linux platform.
They might not offer source but what if some respostory gets taken over and slowly all other linked repostories are poisoned. Obviously it would be difficult but these hackers are determined and sooner or later they will find a loop hole. Plus, when we go to Art of War thingy, things become a bit tense.
I didn't like the way she wentabout Qubes, if theflaw existed maybe she can come with a patch but nope, she wants users to use her package. Regarding the Art of War, it's interesting but alarming, they will have the power to deploy Cyber control over any community regardless of what it does. China has been poking around too much and this is making Americans shit brix, on the contrary it's quite amazing to see that in Pakistan all our access tools are from China, basically they don't even need to hack it, they already have certain amount of access to it.
Yea like Facebook is the only company to ever do that.
:rolleyes:
Dfg would sell all of you out a lot quicker than Zok did.
Assuming too much?
1. While installing Windows Vista / Seven, the user is told to create a normal user account when the installation is done and not to use the administrator account for anything else than system administration. With a link to an explaination of why and how. The fact that very few people actually do this is because they are idiots, not because Microsoft is bad at coding.
2. The whole "gaylord reactive UAC" is actually extremely effective - if used as intended; i.e. you are logged in with a regular user account and when something needs administrator proviliges you get prompted for the administrator password. Now Microsoft realised most home users don't use their computer this way - and most probably won't start doing so for the next couple decades. So they extended UAC to make sure nothing you run in an administrator account actually runs as an administrator unless you specifically ask for it - or it is a pretty crafty piece of malware, coded by a team of professional hackers.
Oh, by the way, when that nasty UAC prompt pops up, all output from mouse and keyboard are routed straight to the part of the kernel which handles priviliges (forgot the name), preventing malware from capturing the password / faking a mouseclick on the "allow" button.
3. If you surf the web, sooner or later there will be a piece of code running in the account you use to surf. Browser exploit + drive-by infection.
Here's the danger which currently exists in just about any Linux desktop system:
Each and every step in the scenario above is possible and requires little more than a decent knowledge of Linux systems and the ability to write code and use an unpatched browser exploit - unpatched because of laziness of the coders or because it hasn't been made public yet.
And yes, this issue has been widely known amongst Linux experts for decades. It is possible to work around it - use a properly configured sudo, log in root only from the console / a SELinux sanboxed terminal emulator ... but most regular users have no idea about this. Ubuntu is the worst example when it comes to this issue. It aims at regular people who know very little about their system and it tells them they never have to worry about security ever again as Linux malware "doesn't exist and will never exist". It uses sudo in it's most insecure way - giving the regular desktop user account the ability to run anything with full root priviliges, requiring only a password at best.
As the number of Linux users who know very little about their system continues to grow, malware developers will find it wortwhile to write a decent piece of Linux malware and all those people who think their computer is completely seure will be part of a botnet. Oh, and while we mentioned Ubuntu, the last time I installed an Ubuntu desktop (about half a year ago maybe?) it started the Apache daemon by default. How's that for security? Running a HTTP server on a desktop installation BY DEFAULT?
I have seen countless School etc networks with flawed Apache installed and even in my own ISP if I have the time to learn few things, I am sure I can easily exploit their servers, this is mainly due to there lack of patch managment and use of old Linux platforms. We're discussing Enterprise networks here, like the ISP I am using.
I did a network scan and got their DNS and other Time Servers, most of them were using old flavors and were easily exploitable. They just assume installing Linux will make them secure.
I like Windows 7 UAC, granted you get used to things but really does give you a second thought. Like why would a simple program need Admin access. Thanks to that, I can pretty much avoid things. Plus thanks to AV sandboxing and OS Firewall features you can minimize the damage.
When it comes to default install Linux has an edge but that edge is quite small because not everyone bother using new release. I remember updating Linux way back, it was the only thing I doing on Linux, Just keeping it updated.
It's my 2 cents. In the end, the OS is as secure as the user. If you hand a secure OS in the hands on idiot it won't last very long, if you hand an old and oudated OS to someone who knows what they're doing it will be surely get secured or isolated.
You're right, Ubuntu and Opensuse both run AppArmor by default with a firefox profile loaded. I didn't know that - apparently it's been way too long since I've used a plug-and-play distro. This does indeed make that scenario a whole lot more difficult.
All the best
Staples