Tag Archives | Security

Greasemonkey Security Issues

Greasemonkey Security Issues?Well, this is one of those security issues that everybody always knew was there – but the community usually did a good job at policing it themselves to where it did not become an issue. It looks like somebody has been creating and uploading Greasemonkey scripts that steal your cookies. Since your cookies store a lot of information about you – you can see this is a kind of big deal here.

Here is the post that got my attention on UserScripts.org:

Someone has been attempting to post scripts that steal cookies. Thanks to several alert us.o citizens (including davey, descriptor, loucypher, joel h, pogue) we have been able to note that the script is malicious and then delete them.

I’m putting up a banner to warn people that newly uploaded/updated scripts should be put under extra scrutiny.

I’ve also decreased the cache duration of rss feeds to 10 minutes, so if you keep an eye on http://userscripts.org/feeds/recent_scripts it will be a lot fresher than normal (it was cached for an hour)

So yes, everybody should be extra careful when downloading scripts like this – even if it is from a trusted source. I am happy to see the UserScripts.org team moved so quickly on this though. That makes me feel a lot better about my continued use of their Firefox extension.

Greasemonkey Help Need Help? Be sure to check out the Beginner’s Guide to Greasemonkey!

Don’t Track Me!

Track Me NotHey I see you, walking down the street – keeping your eye on me. Don’t think that I am not on to your little tricks, because I know exactly what you are doing. You are tracking me aren’t you?

If you have found yourself in the same boat I am in right now you might want to pick up the TrackMeNot extension for Firefox. Not sure what its about? Here is how the creators explain it:

TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one’s tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation.

You can learn more about TrackMeNot via the official web site as well. This is a great tool for not just the paranoid among us but the folks that want to stay protected as well.

Could Extensions Hurt You?

Browser SyncExtensions that auto-update? Yeah, there could be a threat there and we aren’t sure when a fix is coming.

This is actually a threat that I had considered once or twice before – but it seems like it is getting a little more “conversation” around the Web this time around. For the best description on what this security hole is all about – lets turn to CyberNet News.

So what’s the problem? When using an extension in Firefox it frequently checks to see if there is a more updated version available, and Firefox will notify the user whether they are running the latest version. Normally the user will agree to the update and proceed with their normal browsing activities, but there could be more going on behind the scenes than the user is actually aware of.

Looks like Firefox isn’t looking to fix this yet till version 3 of the browser rolls out. Folks like Google though have promised to fix any issues with their extensions as soon as they can. All we can hope is that others will follow suit.

End of Days for Firefox 1.5

There is a lot of buzz going around about the Mozilla folks saying that Firefox 1.5 will only be maintained with security and stability updates until April 24, 2007.

firefoxlogo.jpgI say this is good news!

Sure, the people holding out on Firefox 2 are going to be given a kick in the pants to upgrade, but having to support several older versions of a program can’t be easy for such a developing and always changing product like a browser. There are great things going on via the Web these days, and your browser is your portal to it. Don’t you want to use the latest and greatest?

Top 5 Firefox Security Extensions

It is time yet again for the weekly top five. Last week I just looked at the most popular posts of the week, but this week I wanted to do something a little more serious. I think we should all look long and hard and see how secure we really are. There are steps you can take to become more secure – and here are a few extensions that can help you do it.

1. NoScript
2. WOT
3. McAfee SiteAdvisor
4. FoxyProxy
5. Fire Encrypter

Have one that I might have missed or overlooked? Leave a comment and share it with the rest of the class.

Password Manager Bug

Well it looks like the good times train has made a stop in bug city! I have no doubt though that the Mozilla folks will get this one squashed as soon as possible. Till then, it is always good to know the facts.

Today, Mozilla made public bug #360493, which exposes Firefox’s Password Manager on many public sites. The flaw derives from Firefox’s willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a Myspace user’s site will be unhelpfully propagated with the visitor’s Myspace.com credentials.

+ Read More About the New Bug in Firefox 2’s Password Manager!

Help Using Tor and Privoxy in Firefox

So you want to keep your browsing a little more secret and secure? Then I have the tutorial you need to check out and read for yourself.

Tor(The Onion Router) is a tool set to improve your anonymity online. My main purpose here, is to surf websites that are banned by my ISP, or websites that banned my ISP. Its concept might sound a lot complicated, but getting it to work was just easy on my Debian box.

+ Read More About Using Tor and Privoxy in Firefox!

Mozilla and Microsoft Meet

Mozilla has returned from Microsoft’s headquarters after meeting with the Open Source Director regarding Windows Vista. There were several different things that Mozilla wanted to address especially concerning new security features and restrictions that Microsoft placed in Vista. Here are some of the things that Mozilla had wanted to discuss…

+ Read More About The Meeting at CyberNet News!