LinkedIn & Banking Browsers?

[medowe]

Anyone here got LinkedIn to work with New Moon 28? If not that, any alternatives? The home page never loads.
Also, how safe are these browser alternatives? Would you trust them for banking?

[D.Draker]

3 hours ago, medowe said:

Would you trust them for banking?

Don't use Firefox, sorry, don't know. But I even used 360 Explorer for banking and still alive, that being said, I never keep huge amounts of money on the card, only 1000 - 1100 Euro max. And the card is a debit one, can't go beyond the current amount. And this is only if I need to order something from Holland or Germany, because we actually don't need cards at all, everything is available for cash and plenty of stores.

[D.Draker]

Linked should work fine with 360 v.13.5, but I couldn't upload any photos. Well , I don't need photos there anyway , so. 

If you use 360 Browser, make sure to also select the chinese ad list in the ublock, just in case.

[Mathwiz]

Apologies for the late response, but I think you'd have better luck posting your LinkedIn question at @roytam1's thread. Lots of smart folks there who are familiar with New Moon and can tell you why LinkedIn doesn't work, if it can be fixed, and how to fix it.

As for banking, if a browser will connect to your bank's site and work properly, it should be safe. All these browsers support TLS 1.2, so nobody will intercept your password or gain access to your account. Just follow normal security procedures: choose a password that can't be guessed. Write it down if you must, but if you do, keep it in a secure place like your wallet. Beware of "phishing" emails that try to trick you into logging into a fake banking site. And run some kind of anti-malware program on your system.

Roytam's browsers are updated more often, so they're probably "safest," but the Chromium-based browsers are compatible with more sites, and should be plenty safe too. At least, we have no reason to think otherwise.

[bob_smith]

Notable to mention this modern version of OpenVPN for XP you can set up if you're still getting the jibblies

https://winraid.level1techs.com/t/openvpn-v2-5-4-for-windows-xp-and-windows-server-2003-x86/39894

[Milkinis]

On 11/2/2022 at 8:18 AM, D.Draker said:

Don't use Firefox, sorry, don't know.

what's wrong with doing banking with FireFox ? are you talking about @roytam1 forks ?

[D.Draker]

10 hours ago, Milkinis said:

what's wrong with doing banking with FireFox ? are you talking about @roytam1 forks ?

Leaks data to the russians, you could have used search and see for yourself, with proof.

https://msfn.org/board/topic/183138-mozilla-and-firefox-has-turned-into-evil-and-lie-to-their-userbase-leave-it-and-go-for-alternatives/?do=findComment&comment=1207584

https://msfn.org/board/topic/183138-mozilla-and-firefox-has-turned-into-evil-and-lie-to-their-userbase-leave-it-and-go-for-alternatives/

And on your favourite website reddit.

P.S. 

Sorry, I don't know who that is. Never heard of that member and the spoons before.

 

[D.Draker]

On 12/3/2022 at 9:57 PM, Mathwiz said:

All these browsers support TLS 1.2, so nobody will intercept your password or gain access to your account.

This is a severely outdated info. MITM , DPI - Deep packet inspection will see through it with ease. And it's only a couple of examples I just gave you.

Oh, the third one would cross-cookies, or cookie stealing.

All of this is easily googlable.

[Milkinis]

9 hours ago, D.Draker said:

Leaks data to the russians, you could have used search and see for yourself, with proof.

my ASUS router has an option in the firmware settings for -Yandex.DNS-

it's disabled by default but I have no idea why it's been included in the router parameters.

 

[D.Draker]

18 hours ago, Milkinis said:

my ASUS router has an option in the firmware settings for -Yandex.DNS-

it's disabled by default but I have no idea why it's been included in the router parameters.

 

I'm not surprised because ChinoRussia usually work together. (chinese router+russian spyware in one package=they are happy).

I wouldn't use that router.

[Mathwiz]

On 11/2/2022 at 1:11 AM, medowe said:

Anyone here got LinkedIn to work with New Moon 28? ... The home page never loads.

You might try again with the most recently posted version (2023.05.06) dynamic module imports were added to JS, so there's at least a chance

On 3/7/2023 at 11:16 PM, D.Draker said:

This is a severely outdated info. MITM , DPI - Deep packet inspection will see through it with ease.

That is incorrect. MITM will trigger a browser warning and DPI cannot decrypt packets encrypted with modern TLS ciphers. Please quit spreading misinformation.

[dmiranda]

Unfortunately, for linkedin, no change yet. As I reported in the general 360chrome thread, linkedin requires a type of verification that is not recognized even after successfully resolving the challenge. Same happens with old and current SP52 builds.  Banks, depends on the bank, on the country you are banking from.

As per the disinformation spread by the guy above, he surely knows his s***.

Edited May 7, 2023 by dmiranda

[D.Draker]

On 5/6/2023 at 9:28 PM, Mathwiz said:

That is incorrect. MITM will trigger a browser warning and DPI cannot decrypt packets encrypted with modern TLS ciphers. Please quit spreading misinformation.

My old answer was mostly given to the local XP crowd, most of them , including  but not limited to  @NotHereToPlayGames, can't properly utilize secure connections due to the well known (and described here many times) limitations in WinXP. Take, for example @NotHereToPlayGames, who doesn't even use certifiactes (so we have to assume the warnings are off). There's some truth to what you say, but the next-gen DPI is more sophisticated and not widely shown in public articles yet, one would need to know more about the DPI they use on him, so you're not completely wrong/right , in any case , the argentina guy shouldn't have been that rude to you ! 

A hint for you would be to search for articles from 2023 , using the keywords DPI next gen,

"...latest research report released in March 2023, 61.8% of leading networking vendors find that, ironically, SSL/TLS inspection increases their security vulnerabilities. In fact, security is named as the biggest concern for SSL/TLS inspection. The report ‘Deep packet inspection and encrypted traffic visibility for IP networks’ outlines the potential exposure of sensitive data and network encryption keys as traffic is routed through a forward proxy. Malicious parties can tap into these servers using legitimate lines of communications and subtly siphon out the information."

https://www.thefastmode.com/expert-opinion/31355-how-next-gen-dpi-addresses-the-shortcomings-of-ssl-tls-inspection

Also, the dangers coming from Deep Packet Inspection and Encrypted Traffic Visibility for IP Networks

https://www.thefastmode.com/research-reports/31065-report-deep-packet-inspection-and-encrypted-traffic-visibility-for-ip-networks

8 hours ago, dmiranda said:

As per the disinformation spread by the guy above, he surely knows his s***.

You shouldn't have been that rude to him ! Watch your language. We all here to learn and share.

Behave yourself.

 

[D.Draker]

9 hours ago, dmiranda said:

Unfortunately, for linkedin, no change yet. As I reported in the general 360chrome thread, linkedin requires a type of verification that is not recognized even after successfully resolving the challenge. Same happens with old and current SP52 builds. 

LinkedIn works 100% fine with Chrome 102 (released a year ago, last May).

[D.Draker]

On 5/6/2023 at 9:28 PM, Mathwiz said:

That is incorrect. MITM will trigger a browser warning and DPI cannot decrypt packets encrypted with modern TLS ciphers. Please quit spreading misinformation.

11 hours ago, dmiranda said:

As per the disinformation spread by the guy above, he surely knows his s***.

For those who are interested in this subject (not in insulting other members), go on and educate yourself.

You have to arrange for the clients to trust the certificate your DPI device uses to for ssl.

This will even eliminate the warnings you talk about.

US-CERT has an article on this very issue. DPI is not that difficult to perform, in theory and practice.

https://www.us-cert.gov/ncas/alerts/TA17-075A