“In part 2 of this series, we look at some new browser sandboxing developments in Firejail security sandbox. Since the first article was published, many new features have been added. Unlike other sandboxes, the main focus of Firejail project is GUI application sandboxing, with web browsers being, at least for the immediate future, the main target. …” Source: l3net – a layer 3 networking blog Details
Security
“While you can make privacy related configuration changes in the Firefox options, many advanced options become only available when you load about:config or install add-ons that provide you with frontend access to those settings.“You can check out our list of best privacy add-ons for Firefox which gives you an overview of good extensions for that purpose.“Tinfoil is a brand new extension for Firefox that makes quite a few privacy related preferences available in its options. … “ Source: gHacks Tech News More
Google researchers announced recently of the POODLE (Padding Oracle On Downgraded Legacy Encryption) Attack which hackers take advantage of sites (around 0.3%) still using the outdated (introduced in 1996) SSLv3 security protocol. Mozilla has announced that SSLv3 will be disabled, unfortunately it won’t be until Firefox 34 which will be released on November 25th. However, user can (and are urged to) install the SSL Version Control extension which will disable SSLv3 on the fly. I would not be surprised though if Mozilla pushes out Firefox 33.1 update to have SSLv3 disabled in the coming days or weeks. Google Chrome is already testing changes to disable…
Google has come out with a tool (beta) for Windows to help users identify and remove rogue extensions and toolbars that are secretly tracking you. When malicious programs are using your Chrome browser to collect data, serve you ads or cause overall sluggishness, there’s a quick way to find out what’s causing the issues. Google recently published the Software Removal tool for Windows that will scan for software that is causing issues with the browser. A few words of caution before you use this tool: It is still in Beta so you may want to create a restore point just…
Browsers extensions are great as they enhance the usability and your experience with your browser. However, there are some extensions out there that will actually do the opposite. This seems to be a bigger problem for Chrome but there are a couple known ‘spying’ extensions in Firefox. These ‘evil’ extensions may track you or as in the case with Scott Hanselman inject ads into sites you are viewing. My perspective on JavaScript-based browser extensions has been far too naïve until this point. We were all burned by bad toolbars or evil ActiveX add-ons in the past, so when I run IE I run it with…
Mozilla release an emergency update for Firefox 32.0 on September 24th, 2014 with Firefox 32.0.3. This release addressed these issues: MFSA 2014-73: RSA Signature Forgery in NSS Please see the release notes for full details. Depending on update settings, users will be prompted to update to version 32.0.3 or can do so via Help > About Firefox or going to getfirefox.com where they can download and manually install the latest version of Firefox. The next planned release will be Firefox 33 on October 14, 2014.
Now, for whatever reason I have not seen any reference to this new feature (or annoyance as Mozilla makes it rather difficult to allow the download if you understand the risks) in the Firefox 32.x release notes. From the Mozilla Security Blog: Until recently, we only had access to lists of reported malicious web sites, now the Safe Browsing service monitors malicious downloaded files too. The latest version of Firefox (as of July 22) will protect you from more malware by comparing files you download against these lists of malicious files, and blocking them from infecting your system. The next version of Firefox…
Mozilla release an emergency update for Firefox 32.0 on September 12th, 2014 with Firefox 32.0.1. This release addressed these bugs: Stability issues for computers with multiple graphics cards Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites WebRTC: setRemoteDescription() silently fails if no success callback is specified Please see the release notes for full details. Depending on update settings, users will be prompted to update to version 32.0.1 or can do so via Help > About Firefox or going to getfirefox.com where they can download and manually install the latest version of Firefox. The next planned release will…
Mozilla release the next update for Firefox with Firefox 30.0 on June 10th, 2014. This update includes a couple new features: Sidebars button in browser chrome enables faster access to social, bookmark, & history sidebars Mac OS X command-E sets find term to selected text There were several fixes included in this update and those can be found in the Release Notes. Depending on update settings, users will be prompted to update to version 30 or can do so via Help > About Firefox or going to getfirefox.com where they can download and manually install the latest version of Firefox. The…
We have been told over and over and over again to use strong passwords. If you can remember your password then it is too weak. Because of this, many people use password vaults or password managers to store their super strong impossible to remember passwords. When they need to log into the site, they simply paste the password from their vault or use their password manager to fill-in the password field. Seems like a good security practice as the users have a very strong password…apparently not. Some sites are no longer allowing you to paste in your password (some may or…