Archive | Security

5 Ways to use Firefox to Filter the Web

firefox-safety We are always talking about adding features to Firefox, what about for those people who would like to take them away?  Better yet, how about adding features that let you take other features away?  Ok, now I am even confusing myself. 

Firefox has some great add-ons to use when it comes to blocking, filtering or checking out the sometimes shady information that may be passing through it.

LeechBlock – This extension is much more for saving you from looking at random stupid links when you should be working.  If you can not keep yourself focused, you may need to add this to your own Firefox install.

Flashblock – Tired of seeing the offers to punch President Bush, the Pope or any other important person to win an iPod?  The Flashblock add-on has your back as it will block all flash until it is told not to.

Adblock Plus – How could you not love Adblock Plus?  Filter out the ads you don’t want to see – and automatically subscribe to filters so you don’t waste time setting these things up yourself.  Not to mention, I did interview the creator of the script a few months back (very awesome guy!).

NoScript – NoScript allow JavaScript, Java and other executable content to run only from sites you trust.  Some feel it is better to browse the Web this way to make sure you don’t get bit by something nasty by randomly surfing through pages.

CookieSafe – This extension will allow you to easily control cookie permissions. It will appear on your statusbar. Just click on the icon to allow, block, or temporarily allow the site to set cookies.

Know of another blocking or filtering tool that does a better job?

Add Proxy Surfing to Firefox

I have had several questions sent into me lately all about proxy surfing. 

When you get into proxy surfing, this is when the request you send into the browser goes to another service, then that other service sends your request from another location and pulls it back to you.  Most of the time this is used to provide a means to deny access to certain URLs in a blacklist, thus providing content filtering.

Firefox does deliver a fix though with several add-ons you can install…

FoxyProxy is probably the most widely used, but the others have advantages too.  Which one is your favorite?

Learn More About Firefox 3’s Site Identification Button

2469740812_7680740ff9_o

Taking a deeper look at the new site identification button inside of Firefox 3, dria.org does a good job at taking it apart and showing you what it is all about.  Honestly, it takes the padlock in browsers past and puts a whole new useful spin on it.   No longer is it just a yes or no answer on if a site is safe.  You get all kinds of useful information delivered right to you in a way you have yet to see in a next generation browser.

Check out more about Firefox 3: Site Identification button!

When a Greasemonkey Goes Bad

Like many of the rest of you out there, I love hacking around with web sites and adding functionality to Firefox by plugging in a few Greasemonkey scripts.  Do you know what to watch out for when Greasemonkey scripts go bad?  You have probably seen the warning up on UserScripts.org but I wanted to touch base to let you know what you should be looking for.

The main problem is that people are writing scripts that steal your cookie.  With your cookie, they can grab other information such as your login and other sensitive information.  They say these are two things you should search any script for before installing:

.php?cookie=

and

encodeURIComponent(document.cookie)

For more tips on how to stay on the safe side, I would recommend reading through this thread via the UserScripts.org forums.  It has a lot of handy information if you install and uninstall a lot of Greasemonkey scripts.

Metal Lion Theme Goes to Firefox 3

Still haven’t seen many, but hope to see more. What am I concerned with? Classic Firefox 2 themes that we have all known and loved on Firefox 3. It is not secret that news about themes have dropped some here and elsewhere due to the change from Firefox 2 to Firefox 3 but now it looks like Metal Lion is crossing the line.

Metal Lion – Andromeda gives Firefox 3 a classic sleek look, with your shinny blue icons. If the rest of you desktop is blue, this is the perfect fit for you. Ok, maybe I might be a little short on words for this design but it is a good one so lets let it speak for itself.

Asa Addresses Holes in PC World

Firefox Security Fight? One of my favorite Mozilla personalities, Asa Dotzler posted an article the other day debunking a lot of F.U.D. about Firefox and how it is the “new security threat” we should all be worried about, according to an article on PC World’s web site.  Not often do I sit and read, thinking to myself, “Haha, yeah booyyy!” and “Take that!” but Asa did a great job at taking apart this guy’s argument.

You can check out Asa’s thoughts and the PC World article and make your own decision though.  In the red corner from PC World we have Stuart J. Johnson…

“Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.”

In the blue corner, from Mozilla we have Asa Dotzler!

“Stuart J. Johnston, over at PC World’s Bugs and Fixes column, does a fabulous job confusing and unnecessarily alarming Firefox users, while at the same time conflating the valuable contributions being made by the ethical security researcher community with the malicious activities of “bad guy” hackers. That’s quite an accomplishment in just 500 words.”

Who is your money on? 

Save Yourself from NSFW Links

NSFW Firefox Add-on Browsing the Web from work or with the chance that somebody might catch a passing glance at your screen can sometimes be like playing Russian roulette.  You might get caught, you might not.  Now if your not one who seeks the thrill of outsmarting the boss you may wish to play it a ‘bit on the safer side with No-NSFW.

The No-NSFW add-on for Firefox will warn you whenever you are about to view a page that may not be suitable for all ages.  It is a tiny addition to the browser that lives in your statusbar.  You can vote too, when you reach an unrated page to determine if it is safe for work or not.

For more information, they do have a blog setup, and you can pickup the extension at nonsfw.com.

Firefox Security Update to 2.0.0.14

Just got my update a short time ago, have you gotten yours.  Looks like Firefox 2.0.0.1.4 was released yesterday afternoon, and if you have automatic updates enabled in Firefox, you should be getting it yourself in 24-48 hours.  This looks to be like a critical security update because only one change mentioned in the release notes.  Wasn’t rolled in together with any other fixes.

Here are the details from Mozilla:

Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past.

To update you can activate your automatic updates, go to help and then “check for updates” or download the most recent version at getfirefox.com.

Firefox Vulnerability Isn’t a Threat (Maybe)?

There is a kind of major security threat that isn’t really a threat but it is and yeah, I am very confused. Instead of trying to explain things I’ll share with you the information as I got it.

Ronald van den Heetkamp says that he found a vulnerability that effects all versions of Firefox (even the most recent 2.0.0.12 update). Found out about this over at Mozilla Links.

Then I go check out Asa’s blog to see what he is saying about it, and he writes:

This news item on /. and making the rounds on some blogs is not real. It’s not a flaw. This guy’s found a way to read a file that doesn’t contain any personal information and that’s identical for every Firefox install on the planet. It’s simply not a flaw.

His post then points me over to Mike Shaver’s post who does a better job at explaining the situation. It turns out that the vulnerability found does not have access to the user’s setting at all. The files are not stored in the Windows program files (or any other operating system’s equivalent for that mater). Check out his post to see Ronald and Mike discuss the topic on on one via the comments for more information.

I love the Internet.