Howto: Register Firefox Portable as the default Windows browser

August 27, 2008 — Julie

Ramesh has written some instructions detailing how to register Firefox Portable as the default browser for Windows XP and Windows Vista.

He uses a utility called DefaultBrowser to define the default browser in XP, and uses a tool called RegisterFirefoxPortable to do the same in Vista.

This is pretty slick, something I’ve been thinking about doing for a while.

Posted in firefox. Tags: , , , . Leave a Comment »

CMU announces free Firefox add-on to increase browser security against DNS flaw and digital signature problems

August 26, 2008 — Julie

Carnegie-Mellon University is making available a free add-on for Firefox 3.0 that’s intended to increase browser security.

The Firefox add-on was developed at the university’s School of Computer Science and College of Engineering and is available for free download. The Perspectives software not only protects Firefox users against attacks that might occur because of the recently disclosed software flawin the DNS, but it also defends against some digital certificate problems.

The extension provides two primary benefits:

  1. If you connect to a website with an untrusted (e.g.,self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
  2. It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.

Because of the API used, the code only works in Firefox 3.x, not Firefox 2.x.

How it works, from the CMU web page:

“Perspectives is a new approach to help clients securely identify Internet servers in order to avoid “man-in-the-middle” attacks. Perspectives is simple and cheap compared to existing approaches because it automatically builds a robust database of network identities using lightweight network probing by “network notaries” located in multiple vantage points across the Internet.”

Original Source: networkworld.com

Posted in browser add-ons, security. Tags: , , , , , . Leave a Comment »

Recommendations for securing Internet Explorer, Firefox and Safari web browsers

May 15, 2008 — Julie

Cert has a document that show some specific steps you can take to secure your Internet web browser.  Detailed instructions, including screen shots are provided, along with explanations of what you are configuring and what the potential ramifications are.

The document focuses on IE, Firefox, and Safari and includes supplemental reference links to additional content.  They also include links to configuring similar options for Opera, Mozilla SeaMonkey, Konqueror, and Netscape.

Found via ts/sci security blog.

Posted in security. Tags: , , , . Leave a Comment »

Viewing Firefox’s Super Cookies

February 12, 2008 — Julie

Pascal has a nice short post on Firefox’s “super cookies” and the information contained inside the browser’s DOM storage. He does a nice job describing comparing Adobe’s Flash local storage to this storage technology, and gives examples of how to view this data using sqlite3 in Unbuntu.

If you’re running Windows, you can try the open source SQLite Database Browser instead of sqlite3 to view the webappsstore.sqlite file, which is a binary file normally unreadable to humans. SQLite Database Browser allows you to browse the database as well as query it.

I think more and more Internet based data will be stored in this manner in the future, so I hope others will check out the information stored in this database file. I’m surely going to be examining the webappsstore.sqlite file the next time I need to perform any type of computer forensics information gathering on a computer.

Posted in firefox, utilities. Tags: , , , , . 2 Comments »

Major Websense Content Filter Bypass Vulnerability

January 11, 2008 — Julie

I almost missed this Websense vulnerability, since it was published 12-21-2007, while I was on vacation. I’ve verified it works on one of my client’s networks using Firefox Portable 2.0.0.4, Websense 6.1.1, ISA Server 2004 Standard, and User Agent Switcher 0.6.10.

Mr HinkyDink, who discovered the issue used Websense 6.3.1, so I’m sure other Websense versions are susceptible as well. His instructions are:

I. Install FireFox 2.0.x

II. Obtain and install the User Agent Switcher browser plug-in by Chris Pederick

III. Add the following User Agents to the plug-in

Description: RealPlayer
User Agent : RealPlayer G2

Description: MSN Messenger
User Agent : MSMSGS

Description: WebEx
User Agent : StoneHttpAgent

IV. Change FireFox’s User Agent to any one of the preceding values

V. Browse to a filtered Web site

VI. Content is allowed

Content browsed via this method will be recorded in the Websense database as being in the “Non-HTTP” category.

See also Websense KnowledgeBase article #976, Websense cleaned up this issue in database #92938.

I work with a ton of school districts, all who are required by law to provide content filtering. We constantly struggle to keep ahead of the various methods of bypassing the filter that students find, but I really don’t fault the kids for being curious, or trying to outsmart the adults. I think the fault lies with the teachers who are supposed to be supervising, but instead allow the students to do whatever they want.

Posted in firefox. Tags: , , , , , , , , , . 7 Comments »

Howto: download a web browser from Windows when your web browser doesn’t work

January 1, 2008 — Julie

Suppose your Windows machine has a broken Internet Explorer – How are you supposed to get online to download patches and utilities to fix the problem? Use the built-in Windows FTP tool to download Firefox from a mirror site!

This was found on the SANS Internet Storm Center web site:

To start FTP, click StartRun and type cmd to launch a command prompt

From the command prompt window, type the following commands:

ftp ftp.osuosl.org
User: anonymous
Password: {your email address}
cd /pub/mozilla.org/firefox/releases/2.0.0.11/win32/en-US/
binary
mget *.exe

(say yes to getting Firefox Setup 2.0.0.11.exe)

quit

Now that you’re back to the command prompt, run this command, including the quotes as the file has spaces in the name:

"Firefox Setup 2.0.0.11.exe"

Thanks to William Stearns for these instructions! As newer versions of Firefox are released, replace the version number of Firefox Setup executable file with the appropriate numbers.

Posted in Windows, howto. Tags: , , , , , , . 1 Comment »

Improving the Firefox experience with CustomizeGoogle

December 10, 2007 — Julie

CustomizeGoogle is a great Firefox extension I’ve recently started using. It does exactly what the name suggests by allowing the user to set many Google related preferences. Check out the two minute movie that shows how easy it is to install and configure.

The CustomizeGoogle web site describes the extension as

“CustomizeGoogle is a Firefox extension that enhance Google search results by adding extra information (like links to Yahoo, Ask.com, MSN etc) and removing unwanted information (like ads and spam). All features are optional.”

My favorite features CustomizeGoogle offers is the ability to enforce access to Google web sites, such as Gmail and Google Reader, through a secure https connection. You can also easily remove all the Google ads from the search engine, gmail, Google Groups, etc.

You can read more about it at the CustomizeGoogle blog.

Posted in browser add-ons. Tags: , , , . Leave a Comment »

Howto: Thwart Internet Browser Third Party Cookies

December 8, 2007 — Julie

According to Wikipedia,

“HTTP cookies, sometimes known as web cookies or just cookies, are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.”

and

“Images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page. Third-party cookies are used to create an anonymous profile of the user. This allows the advertising company to select the banner to show to a user based on the user’s profile. The advertising industry has denied any other use of these profiles.”

The problem with third party cookies is they are set on your computer by web servers you likely had no intention of visiting, and are used to track your web surfing habits. Steve Gibson’s Security Now! podcast episode #119 has a very detailed discussion about why third party cookies are bad. He also describes how PayPal and DoubleClick have a relationship that allows DoubleClick to place third party cookies when you are logged into PayPal’s secure web site, and why that’s probably not a good thing for privacy.

When I setup a new computer or image I generally block all third party cookies. It’s easy to do in Internet Explorer 7:

Tools – Internet Options – Privacy – Advanced – Override Automatic Cookie Handling – Block Third Party Cookies

It’s not quite as easy to block third party cookies with Firefox 2.x. You’ll have to follow these steps:

1) In the Firefox address bar (where you type the web site address), type about:config

2) In the filter box type network.cookie.cookieBehavior

3) Right click network.cookie.cookieBehavior and select Modify

4) Change the value from 0 to 1

Some web sites may not work properly without the ability to accept third party cookies, so instead of totally disabling third party cookies you can use a hosts file to specify which web sites you never want your browser to access. According to mvps.org,

“The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a Hosts file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems.”

You can manually edit your hosts file to add entries for web sites you don’t want to ever visit. Or, you can use a freeware hosts file mangement application such as HostsMan or HostsXpert.

To manually edit your hosts file in Windows XP,

1) Click startrunnotepad c:\windows\system32\drivers\etc\hosts

2) add the IP address and name of the offensive web site

3) Click filesaveexit

If you have Windows Vista’s UAC enabled you’ll have to follow these directions in order to edit your hosts file.

If you don’t want to update your own hosts file and would rather use one pre-populated with offensive web sites, you can download one from MVPS. You’ll probably need to restart your computer to ensure the hosts file is reloaded.

If you experience poor performance when using a large hosts file, try disabling the DNS Client service. To do this:

1) Click startrun - and type services.msc

2) Right click DNS Client and select stop

3) Once the service stops, right click on DNS Client again and select Properties

4) Change the startup type from Automatic to Manual and click OK

Posted in howto. Tags: , , , , , , , , , . 3 Comments »

Firefox 2.x and excessive memory consumption

November 21, 2007 — Julie

I usually have a lot of tabs open in Firefox while I work. I’ve noticed (as have many others) excessive memory consumption by the browser at times. Right now firefox.exe is using 121,484K with only 9 tabs open. I rebooted first thing this morning, and I’ve had Firefox running for only about four hours.

Most of the information I’ve found says the problem has to do with misbehaving Add-ons, extensions or themes. I’m only running four Add-ons, and decided to uninstall all but my del.icio.us Buttons and Google Browser Sync. Unfortunately, the problem persisted even after a reboot.

I did some more searching and found this thread that suggests loading this image to see if your browser memory consumption goes through the roof. Mine did. I read further down the thread and found a problematic add-on is indeed Google Browser Sync.

Check out this list of problematic extensions to see if any of your favorite add-ons are listed. If none of your extensions are listed, try the suggestions found on the Standard Diagnostic for Firefox and the causes for Firefox Hangs.

You can also try the Leak Monitor extension to help determine what is the cause of your Firefox memory leak. PCtipsbox.com has four tips on handling Firefox memory usage as well.

Posted in browser add-ons, diagnostics, extension, firefox. Tags: , , , , , , . Leave a Comment »