Tag Archives | Security

Multi-Process Support Coming to Firefox?

Some have discovered a new project from the Mozilla Wiki documenting the first steps and timeline for Firefox to become a multi-process supporting browser.  The project in question, simply known as Content Processes looks to separate processes to display the browser UI and web content.

Here are the current initial goals:

  • Provide better application UI responsiveness
  • Improve stability from slow rendering or crashes caused by content
  • Improve performance, especially on multi-core machines

Now why do this, and what does it even mean?  Well, both Google Chrome and Internet Explorer 8 have moved in this direction for increased stability.  For an example, with multi-process support, a single tab crash wouldn’t take down your entire Firefox browsing experience.  It would only effect that one tab, because it would be seen as its own process. 

It might be a year or more before we see this in action via our own Firefox installations, however it is nice to see that Firefox is always looking to expand and check into other areas of stabilization to see if we can all benefit from it.

10 Ways Firefox Makes the Web a Safer Place

We all like tools that help us feel a little safer, right?  Firefox has a slew of tools you can use to add extra security to the platform.  One thing I really like about this is each person can decide how much more added security he or she needs.  How do you know which of the add-ons are the best?

Here are some of the most popular plugins that help with increasing the privacy or security for your Firefox installation.

NoScript

The best security you can get in a web browser! Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.

WOT

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory.

Stealther

Do you like to pretend that you are a super secret spy when browing the Web? Maybe you just don’t want that nosy brother or sister looking in on what you have been doing. No matter the situation, if you want to stay secret – the Stealther Firefox extension is for you.

FoxyProxy

FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.

Fire Encrypter

Want Firefox to help you encrypt your secret files and documents? Maybe you just want to learn more about the encryption process? No matter which camp you fall into, the Fire Encrypter Firefox extension is for you. It brings the top secret world of encryption right into your favorite little browser.

Sxipper

Forget your passwords! Sxipper accurately fills in forms, manages passwords and your OpenIDs.

CookieCuller

Want more control over your cookies? No, I’m not talking about the ones your grandmother loves to shove down your throat – I am talking about the ones that involve your browser. The Firefox extension CookieCuller gives you total control over which cookies stay on your computer by letting you protect cookies of your choice while automatically deleting the rest.

Flashblock

Flashblock is an extension for the Mozilla, Firefox, and Netscape browsers that takes a pessimistic approach to dealing with Macromedia Flash content on a webpage and blocks ALL Flash content from loading. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content.

TrackMeNot

With all this talk about your privacy being attacked and people snooping on what you have been searching about, you are bound to feel a little paranoid. You might be watching over your shoulder as you type. You might be turning the lights out before you get Online. How can you protect yourself from being tracked in your searches though? If you use Firefox, you need the TrackMeNot extension.

BugMeNot

Tired of web sites asking you to register to view the content inside?  Bypass compulsory web registration with the context menu via bugmenot.com.

Know of another Firefox security add-on that is well worth using, just not that popular yet?  Do any of these add-ons make you sleep a little easier at night?  Let me know what you think the best security add-on for Firefox is.

Private Browsing Makes Debut in Latest Nightly Build

Private Browsing in Firefox 

A of noise has been made about the excitement around private browsing.  Personally, this isn’t the feature I have been waiting for years to see, but it is nice to see Firefox keeping up with the competition and adding this feature in.  With this new mode (coming to Firefox 3.1) your browsing, cookies, temporary files, search, forms, and download history will not be saved.

Best thing about it that I have seen is that they will not interrupt the interface with some big bold “Hey you, you are browsing privately now” graphic.  You just get the simple (Private Browsing) in the title bar.

firefox-private-browsing-2

So are you excited to see private surfing added to Firefox or is this one of those “ehh, I guess it is ok” features for you too? Learn more about it at ehsanakhgari.org

Security Zone Policy Errors in Firefox 3

Here is an interesting update that seems to be drawing a little heat from the Web at large.  Depending on your Internet settings (from Control Panel > Internet Options) you might have issues with some downloads being blocked.

Fx3exeBlocked

Here is what Mozilla has to say about the issue.

Starting in Firefox 3, downloads of executable files (e.g., .exe or .msi) may fail and the Firefox Downloads window will contain this message, under the filename:  This download has been blocked by your Security Zone Policy.

This issue occurs because Firefox 3 now honors your Windows security settings for downloading applications and other potentially unsafe files from the Internet.

The rage here is that the Internet Options you see from the Control Panel links back to Internet Explorer 7.  So in a round about wacky way, Firefox 3 follows IE7’s security settings.  Need a fix?

To change the setting, open Internet Options (via Control Panel or from Internet Explorer -> Tools) and click the Security tab. With the Internet zone icon highlighted, click the Custom level… button. A list of security settings for the Internet zone will appear. Find the “Launching applications and unsafe files” setting (under Miscellaneous) and select “Prompt (recommended)”.

If that does not do the trick for you, there are a few more fix suggestions on Mozillazine.org you can try.  So are you upset about this or could you care less?

5 Ways to use Firefox to Filter the Web

firefox-safety We are always talking about adding features to Firefox, what about for those people who would like to take them away?  Better yet, how about adding features that let you take other features away?  Ok, now I am even confusing myself. 

Firefox has some great add-ons to use when it comes to blocking, filtering or checking out the sometimes shady information that may be passing through it.

LeechBlock – This extension is much more for saving you from looking at random stupid links when you should be working.  If you can not keep yourself focused, you may need to add this to your own Firefox install.

Flashblock – Tired of seeing the offers to punch President Bush, the Pope or any other important person to win an iPod?  The Flashblock add-on has your back as it will block all flash until it is told not to.

Adblock Plus – How could you not love Adblock Plus?  Filter out the ads you don’t want to see – and automatically subscribe to filters so you don’t waste time setting these things up yourself.  Not to mention, I did interview the creator of the script a few months back (very awesome guy!).

NoScript – NoScript allow JavaScript, Java and other executable content to run only from sites you trust.  Some feel it is better to browse the Web this way to make sure you don’t get bit by something nasty by randomly surfing through pages.

CookieSafe – This extension will allow you to easily control cookie permissions. It will appear on your statusbar. Just click on the icon to allow, block, or temporarily allow the site to set cookies.

Know of another blocking or filtering tool that does a better job?

Learn More About Firefox 3’s Site Identification Button

2469740812_7680740ff9_o

Taking a deeper look at the new site identification button inside of Firefox 3, dria.org does a good job at taking it apart and showing you what it is all about.  Honestly, it takes the padlock in browsers past and puts a whole new useful spin on it.   No longer is it just a yes or no answer on if a site is safe.  You get all kinds of useful information delivered right to you in a way you have yet to see in a next generation browser.

Check out more about Firefox 3: Site Identification button!

Firefox Living Up to Updates

Apple didn’t bother with getting things fixed that quickly, so Mozilla has jumped on the ball and updated Firefox to version 2.0.0.7 to fix the recent QuickTime vulnerability. If your Firefox hasn’t updated itself – then it should soon (or you can always go to Help > Check for Updates to get the latest Firefox version).

Need more? Here is a little more information about this issue and fix via Mozilla Developer News:

Due to the security fixes, we strongly recommend that all Firefox users upgrade to this latest release. If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

For more information about the problem, check out this post on CyberNet News about it. Also if you want – you can download and install it via GetFirefox.com.

Greasemonkey Security Issues

Greasemonkey Security Issues?Well, this is one of those security issues that everybody always knew was there – but the community usually did a good job at policing it themselves to where it did not become an issue. It looks like somebody has been creating and uploading Greasemonkey scripts that steal your cookies. Since your cookies store a lot of information about you – you can see this is a kind of big deal here.

Here is the post that got my attention on UserScripts.org:

Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them.

I’m putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

I’ve also decreased the cache duration of rss feeds to 10 minutes, so if you keep an eye on http://userscripts.org/feeds/recent_scripts it will be a lot fresher than normal (it was cached for an hour)

So yes, everybody should be extra careful when downloading scripts like this – even if it is from a trusted source. I am happy to see the UserScripts.org team moved so quickly on this though. That makes me feel a lot better about my continued use of their Firefox extension.

Greasemonkey Help Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Don’t Track Me!

Track Me NotHey I see you, walking down the street – keeping your eye on me. Don’t think that I am not on to your little tricks, because I know exactly what you are doing. You are tracking me aren’t you?

If you have found yourself in the same boat I am in right now you might want to pick up the TrackMeNot extension for Firefox. Not sure what its about? Here is how the creators explain it:

TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation.

You can learn more about TrackMeNot via the official web site as well. This is a great tool for not just the paranoid among us but the folks that want to stay protected as well.

Could Extensions Hurt You?

Browser SyncExtensions that auto-update? Yeah, there could be a threat there and we aren’t sure when a fix is coming.

This is actually a threat that I had considered once or twice before – but it seems like it is getting a little more “conversation” around the Web this time around. For the best description on what this security hole is all about – lets turn to CyberNet News.

So what’s the problem? When using an extension in Firefox it frequently checks to see if there is a more updated version available, and Firefox will notify the user whether they are running the latest version. Normally the user will agree to the update and proceed with their normal browsing activities, but there could be more going on behind the scenes than the user is actually aware of.

Looks like Firefox isn’t looking to fix this yet till version 3 of the browser rolls out. Folks like Google though have promised to fix any issues with their extensions as soon as they can. All we can hope is that others will follow suit.