Archive | Security

Password Exporter Saved My Bacon

Password ExporterIf you follow any of my other side projects, you might have noticed I got a new PC the other day. One of the not-so-much-fun aspects of getting a new computer is getting Firefox back up and running on it and getting all your bookmarks, settings and passwords moved over. For the most part Google’s Browser Sync did a lot of the heavy lifting in that regard.

Where Did My Passwords Go?!

I screwed up somewhere though, and all my saved passwords were not there. Before I freaked out (ok, I might have freaked out just a little ‘bit) I remembered about the Password Exporter extension for Firefox.

Here is a little more information about it from the developer:

This extension allows you to export and import your saved passwords and rejected sites between computers. Your passwords will be exported to an XML or CSV file and can be encrypted.

Did Password Exporter Do the Job?

I installed it on both the old machine and the new machine – then moved the exported backup (simple .xml file) from the old PC to my new PC. It worked! My passwords were not lost and I didn’t have to spend hours trying to set that whole mess back up.

So if your in a pinch and you need your passwords backed up – give the Password Exporter extension a shot. Might also not hurt to have it up and running 24/7 – so you can make a backup of your password list and store it somewhere safe.

Password Hasher

Password HasherNeed help coming up with confusing and complicated passwords? There are a number of services out there that will help you in this department, but one of the best I have found is Password Hasher.

This Firefox extension delivers when it comes to delivering you a password I’d never be able to guess. Now why should you use strong password? Well the obvious reason would be to make sure your content does not get stolen.

Here are some of the features of this extension:

  • Automatically generates strong passwords.
  • One master key produces different passwords at many sites.
  • Quickly upgrade passwords by “bumping” the site tag.
  • Upgrade a master key without updating all sites at once.
  • Supports different length passwords.

For more information be sure to check out their official web site. We all want to be more safe, and a good password is an easy way to start.

Firefox Living Up to Updates

Apple didn’t bother with getting things fixed that quickly, so Mozilla has jumped on the ball and updated Firefox to version 2.0.0.7 to fix the recent QuickTime vulnerability. If your Firefox hasn’t updated itself – then it should soon (or you can always go to Help > Check for Updates to get the latest Firefox version).

Need more? Here is a little more information about this issue and fix via Mozilla Developer News:

Due to the security fixes, we strongly recommend that all Firefox users upgrade to this latest release. If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

For more information about the problem, check out this post on CyberNet News about it. Also if you want – you can download and install it via GetFirefox.com.

CashAddOn – Seems Like a Scam

CashAddOnLooking to make a little green for shopping with a select number of stores Online? One new extension hopes you do – and its name is CashAddOn. This extension and the web site that goes along with it while promoting a “good deal” seems a little fishy to me.

They list percentages on their web site of how much you can make, but the terms of service seems to argue that these numbers actually might be lower. Also a “cash back” deal seems to be reject-able at any time since they say the stores can thumbs up it or thumbs down it at any time.

If for any reason the affiliate site does not process the expected funds from the purchase, we will not offer the cash back to our members. The amount listed on the ‘Store’ page and estimated values, and we do not commit to offering these amounts.

Last but not least we have another place tracking your shopping via a cookie in the browser. So if privacy is a big concern of yours – you might want to look elsewhere for your cheap ways to make some dough.

On the hopefully positive side – it is on the Mozilla Addons web site, so one hopes it made it through some sort of “sniff test”.

Maybe time will tell with this place, but for some reason something just doesn’t smell right with this extension. Maybe I’m just a little paranoid about the money for nothing deals. Then again, I am still waiting for that punched out monkey to deliver my iPod too.

Greasemonkey Security Issues

Greasemonkey Security Issues?Well, this is one of those security issues that everybody always knew was there – but the community usually did a good job at policing it themselves to where it did not become an issue. It looks like somebody has been creating and uploading Greasemonkey scripts that steal your cookies. Since your cookies store a lot of information about you – you can see this is a kind of big deal here.

Here is the post that got my attention on UserScripts.org:

Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them.

I’m putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

I’ve also decreased the cache duration of rss feeds to 10 minutes, so if you keep an eye on http://userscripts.org/feeds/recent_scripts it will be a lot fresher than normal (it was cached for an hour)

So yes, everybody should be extra careful when downloading scripts like this – even if it is from a trusted source. I am happy to see the UserScripts.org team moved so quickly on this though. That makes me feel a lot better about my continued use of their Firefox extension.

Greasemonkey Help Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Don’t Track Me!

Track Me NotHey I see you, walking down the street – keeping your eye on me. Don’t think that I am not on to your little tricks, because I know exactly what you are doing. You are tracking me aren’t you?

If you have found yourself in the same boat I am in right now you might want to pick up the TrackMeNot extension for Firefox. Not sure what its about? Here is how the creators explain it:

TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation.

You can learn more about TrackMeNot via the official web site as well. This is a great tool for not just the paranoid among us but the folks that want to stay protected as well.