This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

Feature: Security

Ten Firefox extensions to keep your browsing private and secure

By Lisa Hoover on November 26, 2007 (9:00:00 AM)

Share    Print    Comments   

Most people lock their doors and windows, use a paper shredder to protect themselves from identity theft, and install antivirus software on their computers. Yet they routinely surf the Internet without giving a second thought to whether their browser is secure and their personal information safe. Unfortunately, it's easy for someone with nefarious intentions to use a Web site to glean data from -- or introduce spyware to -- your computer. Even worse, sometimes all you have to do is randomly click on a site to have your data probed in a most unwelcome way.

Mozilla Firefox has several security settings you can adjust via the Preferences pane, but there are also more than 150 privacy and security extensions you can add as well. They are easy to install and take little time to set up; some even work automatically after you restart your browser. Let's have a look at some of the most popular and most useful.

One of the best ways to protect your computer is to prevent the browser from using JavaScript at Web sites without permission. JavaScript, though useful for developing glitzy Web sites, has gained something of a reputation as a method for doing Bad Things to unsuspecting computers. NoScript is an extension that makes every site that uses JavaScript ask your permission before running it. NoScript can render JavaScript-heavy sites unreadable, but it provides a whitelist of acceptable sites that you can easily add to in order to speed up your surfing experience.

Many people use Tor to hide their online surfing habits. FoxTor provides a way to mask and unmask your browser on the fly, without having to commit to anonymous surfing throughout an entire browsing session. It requires the use of Tor and Privoxy.

Your browser's history logs help provide a speedier surfing experience for you. Unfortunately, skilled hackers can peek at them remotely to see where you've been. Deleting log information after each browsing session would slow you down, but fortunately, there's another way. Don't delete your data -- hide it with SafeHistory.

Some of the most sensitive information sent over the Internet travels via email, so many people prefer to send their messages encrypted. The Gmail S/MIME extension encrypts Gmail messages, including attachments, automatically, as long as you have the recipient's digital certificate.

While Firefox 2 has built-in phishing protection, it never hurts to have a backup plan. The premise behind Petname is simple: leave reminder notes on your trusted Web sites and the notes will automatically appear each time you return. If you surf to what you assume is one of your whitelisted sites and no reminder note appears, you'll know something's not right. This extension is particularly useful if you're running an older version of Firefox without anti-phishing protection.

SecurePasswordGenerator is a long name for a little extension that sits in your toolbar and helps you create unique passwords. Half the battle of staying safe online is using complex and different passwords whenever you register at a Web site. Use this tool to help you create a unique password everywhere you go.

Have you ever wondered where the information you type into an online form goes once you hit "send"? With FormFox, you can find out. Once you download and enable this extension, hovering your mouse over the data field of a form or search box will reveal exactly who receives the information you enter. Use this extension to check out an unfamiliar Web site before you cough up your name, address, and credit card information while doing your online holiday shopping.

Many people use disposable or temporary email addresses around the Internet to avoid email spam. Although spam is generally considered more of a nusiance than a security issue, there are occasions when a disposable address may be a safer option than providing a real one (on message forums, for example). There are several temporary email services to choose from; the TrashMail.net Firefox extension makes that service an attractive choice.

Sometimes you need to protect your information from the prying eyes of people around you. If you're surfing at an airport or local coffee shop, people wandering past can have a look at the titles of the tabs you have open. Page Title Eraser lets you either blank out the title and icon in your browser's tabs, or replace the text with something of your choice.

When trying to protect your privacy, the last thing you want is for a Web site to collect data on what you do while you visit: where you click, how long you view a page, and so on. That's called profiling. While it's harmless if a site tracks data on how long it took you to read an article on how to install a video game, most people feel that there's no reason a Web site needs to know anything about your surfing habits, even if it's only to collect data for marketing purposes.

Most extensions and tools commonly used to prevent data profiling by search engines work by concealing information from outsiders. TrackMeNot takes the opposite approach and actually sends out a bunch of information for the search engines to process. Of course, it sends mostly false information, which means your search activities remain hidden from view and search engines won't glean any meaningful data from your visit.

These are only a few of several dozen privacy and security extensions available for Firefox; you can find a larger list at Mozilla's Web site. Tools like these can make your surfing experience safer, but remember: nothing is foolproof, and talented hackers can still find ways to pull information from your system if they try hard enough. Always be careful.

Every Monday we highlight a different extension, plugin, or add-on. Write an article of less than 1,000 words telling us about one that you use and how it makes your work easier, along with tips for getting the most out of it. If we publish it, we'll pay you $100. (Send us a query first to be sure we haven't already published a story on your chosen topic recently or have one in hand.)

Share    Print    Comments   

Comments

on Ten Firefox extensions to keep your browsing private and secure

Note: Comments are owned by the poster. We are not responsible for their content.

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 195.212.29.83] on November 26, 2007 09:24 AM
You've got an error with the tag in the Privoxy paragraph - should be < / a > but it's < a / > rendering the rest unreadable.

#

Re: Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 77.85.12.254] on November 26, 2007 10:59 AM
Actually it's the closing quotation marks of the href attribute- they're missing. This is the reason that the previous paragraph (about NoScript) is also not correctly formatted- the phrase "Bad Things to unsuspecting computers" is missing.

#

Re: Ten Firefox extensions to keep your browsing private and secure

Posted by: Lisa on November 26, 2007 12:44 PM
Fixed now, thanks!. Guess we were all in too much of a hurry to get to the turkey last week. :-)

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 66.128.132.253] on November 26, 2007 04:58 PM
Here is my take:

1. HackBar - This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT learn you how to hack a site. Its main purpose is to help a developer do security audits on his code.

2. OSVDB Search - The Mozilla OSVDB Search utility will add the option to search OSVDB (Open Source Vulnerability Database) directly from your web browser’s side bar or search box. This will work in the Mozilla-based browsers: FireFox, Mozilla, Beonex, and Netscape.

3. Firekeeper - Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.

4. Chickenfoot - Chickenfoot is a Firefox extension that puts a programming environment in the browser’s sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of Javascript that includes special functions specific to web tasks.

5. Tamper Data - Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Security test web applications by modifying POST parameters. FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.

6. httpOnly - Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side, so that JavaScript cannot read them.

7. FFsniFF - FFsniFF is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on ‘Submit’ button, FFsniFF will try to find a non-blank password field in the form. If it’s found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the ‘Extensions manager’. This extension is meant to be as an example of the ‘evil side of Firefox extensions’.

8. User Agent Switcher - Adds a menu and a toolbar button to switch the user agent of the browser.

9. FoxyProxy - FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s proxy configuration. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc…

10. ShowIP - Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard. This extension was formerly known as ipv6ident.

There are more so all around security extensions than keeping your browsing private.

- Shane
hackosis.com

#

don't use Track-me-not

Posted by: Anonymous [ip: 81.205.164.87] on November 27, 2007 11:00 AM
unfortunately, i'm having some trouble with Track-me-not. The idea is great, and I would like to use a tool like that, unfortunately, there is no option to add your own wordlist and search queries.

Instead it uses a wordlist that I don't want to use. It keeps on querying things like 'red sox' , 'knut', 'veronica mars', 'Paris Hilton' , 'Britney spears', 'tupac' ,'flag day' , etc etc. I would never search for anything like that, simply because it is stupid (american) crap and i'm not interested in that.

Does it matter?
well, querying search engines for this kind of crap makes media-companies think that that is what we ask for and what we want. So they will put more of that on the web or tv, newspapers, radio, etc.
That is just the opposite of what i would like to use it for.

It would be a cool add-on if you could use you're own word-list.

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 125.16.133.35] on November 27, 2007 02:13 PM

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 169.139.176.84] on November 27, 2007 05:04 PM
Great article thanks!

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: unknown] on November 27, 2007 07:17 PM

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 66.93.40.240] on November 27, 2007 08:54 PM
Your browser's history logs help provide a speedier surfing experience for you. Unfortunately, skilled hackers can peek at them remotely to see where you've been ...


I don't think I understand what the bit about "skilled hackers" looking at browser histories remotely means. Could you provide a little more detail?

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: Lisa on November 28, 2007 10:42 AM

Securely erasing FF cookies/cache

Posted by: Anonymous [ip: 80.216.20.241] on November 28, 2007 12:28 PM
One thing that I've been seeking for quite some time is a way to execute FF's "clear private data" function *securely*. As I understand it, the current implementation simply deletes the files in question--leaving the disk vulnerable to forensic inspection, undelete tools, and so on.

To avoid this potential problem on OS X, for example, I would want the "clear" function to do (move data to trash)-->Secure Empty Trash; on Win32 it would be (move data to Recycling Bin)-->Erase Bin with Eraser [http://www.heidi.ie/eraser/default.php] (I believe the commercial version of PGP has similar "secure wipe" functionality as well); and so on. The big problem, of course, is that the secure erase tool is (necessarily) platform-dependent.

Does anyone have any ideas for how to do this? Perhaps an extension that could be configured to call a particular executable (with appropriate arguments) or a script?

#

SwitchProxy vs FoxTor

Posted by: Anonymous [ip: 192.168.5.75] on November 28, 2007 12:37 PM
The problem with Foxtor: it only works with your local Tor/Privoxy setup. SwitchProxy allows you to define ANY proxy, local or not.

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 72.198.51.57] on November 28, 2007 08:05 PM
Really nice article!! Thanks for the tips.

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: toronto on November 30, 2007 06:28 PM
Great article Lisa. I've referenced it over at my site www.killyourpc.org

#

Ten Firefox extensions to keep your browsing private and secure

Posted by: Anonymous [ip: 192.168.3.42] on March 04, 2008 04:20 PM
Security is really important thing. Thanks God now I'm using Linux insted of that unsecure Windows.

________________

<a href="http://www.exterminate-it.com/malpedia/remove-vundo-virtumondo">remove vundo trojan</a>

#

This story has been archived. Comments can no longer be posted.



 
Tableless layout Validate XHTML 1.0 Strict Validate CSS Powered by Xaraya