←back to thread

ICE obtains access to Israeli-made spyware that hack phones and encrypted apps

(www.theguardian.com)
192 points pera | 1 comments | 02 Sep 25 18:12 UTC | HN request time: 0s | source
Show context
OutOfHere ◴[02 Sep 25 19:56 UTC] No.45108214[source]
There are three main categories of entry into a device via zero-days: WhatsApp/Signal, SMS/MMS, and Firefox/Chrome/Safari. If these can be isolated, entering a device could become harder.
replies(4): >>45108228 #>>45108305 #>>45109523 #>>45112057 #
const_cast ◴[03 Sep 25 03:42 UTC] No.45112057[source]
For all y'all Linux users: run your browsers in a container. You can isolate Firefox to just ~/downloads using Flatpak, it's really easy. Stops those pesky zero days from causing too much damage. Also everything just works.
replies(1): >>45112269 #
OutOfHere ◴[03 Sep 25 04:33 UTC] No.45112269[source]
Is there really a recommended Docker image for Firefox? And does it really work with a UI? Or did you mean to use Flatpak? Can it be run from a Mac?
replies(2): >>45112802 #>>45115271 #
1. const_cast ◴[03 Sep 25 13:07 UTC] No.45115271{3}[source]
I believe Flatpak is linux-only. There's a UI to edit Flatpak settings from KDE settings or you can use flatseal.

You can do tons of neat things with it. You can also cut off environment variables, cut off the x11 socket, only allow certain dbus channels, etc. You don't need a docker container or anything, Flatpak is a container technology.