Tag Archives | Security

5 Ways to use Firefox to Filter the Web

firefox-safety We are always talking about adding features to Firefox, what about for those people who would like to take them away?  Better yet, how about adding features that let you take other features away?  Ok, now I am even confusing myself. 

Firefox has some great add-ons to use when it comes to blocking, filtering or checking out the sometimes shady information that may be passing through it.

LeechBlock – This extension is much more for saving you from looking at random stupid links when you should be working.  If you can not keep yourself focused, you may need to add this to your own Firefox install.

Flashblock – Tired of seeing the offers to punch President Bush, the Pope or any other important person to win an iPod?  The Flashblock add-on has your back as it will block all flash until it is told not to.

Adblock Plus – How could you not love Adblock Plus?  Filter out the ads you don’t want to see – and automatically subscribe to filters so you don’t waste time setting these things up yourself.  Not to mention, I did interview the creator of the script a few months back (very awesome guy!).

NoScript – NoScript allow JavaScript, Java and other executable content to run only from sites you trust.  Some feel it is better to browse the Web this way to make sure you don’t get bit by something nasty by randomly surfing through pages.

CookieSafe – This extension will allow you to easily control cookie permissions. It will appear on your statusbar. Just click on the icon to allow, block, or temporarily allow the site to set cookies.

Know of another blocking or filtering tool that does a better job?

Learn More About Firefox 3’s Site Identification Button

2469740812_7680740ff9_o

Taking a deeper look at the new site identification button inside of Firefox 3, dria.org does a good job at taking it apart and showing you what it is all about.  Honestly, it takes the padlock in browsers past and puts a whole new useful spin on it.   No longer is it just a yes or no answer on if a site is safe.  You get all kinds of useful information delivered right to you in a way you have yet to see in a next generation browser.

Check out more about Firefox 3: Site Identification button!

Firefox Living Up to Updates

Apple didn’t bother with getting things fixed that quickly, so Mozilla has jumped on the ball and updated Firefox to version 2.0.0.7 to fix the recent QuickTime vulnerability. If your Firefox hasn’t updated itself – then it should soon (or you can always go to Help > Check for Updates to get the latest Firefox version).

Need more? Here is a little more information about this issue and fix via Mozilla Developer News:

Due to the security fixes, we strongly recommend that all Firefox users upgrade to this latest release. If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

For more information about the problem, check out this post on CyberNet News about it. Also if you want – you can download and install it via GetFirefox.com.

Greasemonkey Security Issues

Greasemonkey Security Issues?Well, this is one of those security issues that everybody always knew was there – but the community usually did a good job at policing it themselves to where it did not become an issue. It looks like somebody has been creating and uploading Greasemonkey scripts that steal your cookies. Since your cookies store a lot of information about you – you can see this is a kind of big deal here.

Here is the post that got my attention on UserScripts.org:

Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them.

I’m putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

I’ve also decreased the cache duration of rss feeds to 10 minutes, so if you keep an eye on http://userscripts.org/feeds/recent_scripts it will be a lot fresher than normal (it was cached for an hour)

So yes, everybody should be extra careful when downloading scripts like this – even if it is from a trusted source. I am happy to see the UserScripts.org team moved so quickly on this though. That makes me feel a lot better about my continued use of their Firefox extension.

Greasemonkey Help Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Don’t Track Me!

Track Me NotHey I see you, walking down the street – keeping your eye on me. Don’t think that I am not on to your little tricks, because I know exactly what you are doing. You are tracking me aren’t you?

If you have found yourself in the same boat I am in right now you might want to pick up the TrackMeNot extension for Firefox. Not sure what its about? Here is how the creators explain it:

TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation.

You can learn more about TrackMeNot via the official web site as well. This is a great tool for not just the paranoid among us but the folks that want to stay protected as well.

Could Extensions Hurt You?

Browser SyncExtensions that auto-update? Yeah, there could be a threat there and we aren’t sure when a fix is coming.

This is actually a threat that I had considered once or twice before – but it seems like it is getting a little more “conversation” around the Web this time around. For the best description on what this security hole is all about – lets turn to CyberNet News.

So what’s the problem? When using an extension in Firefox it frequently checks to see if there is a more updated version available, and Firefox will notify the user whether they are running the latest version. Normally the user will agree to the update and proceed with their normal browsing activities, but there could be more going on behind the scenes than the user is actually aware of.

Looks like Firefox isn’t looking to fix this yet till version 3 of the browser rolls out. Folks like Google though have promised to fix any issues with their extensions as soon as they can. All we can hope is that others will follow suit.

End of Days for Firefox 1.5

There is a lot of buzz going around about the Mozilla folks saying that Firefox 1.5 will only be maintained with security and stability updates until April 24, 2007.

firefoxlogo.jpgI say this is good news!

Sure, the people holding out on Firefox 2 are going to be given a kick in the pants to upgrade, but having to support several older versions of a program can’t be easy for such a developing and always changing product like a browser. There are great things going on via the Web these days, and your browser is your portal to it. Don’t you want to use the latest and greatest?

Top 5 Firefox Security Extensions

It is time yet again for the weekly top five. Last week I just looked at the most popular posts of the week, but this week I wanted to do something a little more serious. I think we should all look long and hard and see how secure we really are. There are steps you can take to become more secure – and here are a few extensions that can help you do it.

1. NoScript
2. WOT
3. McAfee SiteAdvisor
4. FoxyProxy
5. Fire Encrypter

Have one that I might have missed or overlooked? Leave a comment and share it with the rest of the class.

Password Manager Bug

Well it looks like the good times train has made a stop in bug city! I have no doubt though that the Mozilla folks will get this one squashed as soon as possible. Till then, it is always good to know the facts.

Today, Mozilla made public bug #360493, which exposes Firefox’s Password Manager on many public sites. The flaw derives from Firefox’s willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a Myspace user’s site will be unhelpfully propagated with the visitor’s Myspace.com credentials.

+ Read More About the New Bug in Firefox 2’s Password Manager!