
13+ Firefox Addons to Improve Your Online Safety and Privacy

[updated: December 2012]

1. TorButton

Complete anonymity is not possible on the internet. Tor is the next best thing available. Tor is one of the best privacy tools available. Tor is recommended by the EFF, which is the biggest advocate of online privacy. TorButton makes it easy to make Firefox use Tor. Though it is the best for privacy online, configuring Tor may be a bit of a pain for first timers. If you install Tor, it will install the TorButton Firefox addon also. To download Tor, visit the Tor website.

2. NoScript

If Tor is the king of privacy, then NoScript is the king of security. NoScript protects you by blocking unauthorized sites from running scripts and programs on your computer. NoScript offers protection against cross-site scripting attacks, router hacking, clickjacking etc. NoScript is very much recommended, whether you are a newbie or an experienced user.

3. WOT

WOT provides you information regarding websites’ trustworthiness based on ratings provided by a global community of users. Users rate websites based on their experiences, so you can know if you can trust a site before entering it. WOT will warn you about sites with low reputation (read it as dangerous websites) and hence will protect you from scams, phishing sites etc.

4. FoxyProxy

Proxies are the easiest means to get basic anonymity on the web. By using a proxy, you can hide your IP address and thereby your exact physical location from the websites you visit. FoxyProxy will make Firefox access sites through proxies, hence hiding information about you. FoxyProxy has advanced features and newbies may find it a lil complex. In that case, you can use Proxilla, which is relatively easy to use.

5. BetterPrivacy

The tracking ability of normal cookies is low. So internet marketing and research groups have come up with a more persistent way to track users – Flash Cookies (aka LSOs). Flash cookies offer more storage – 100 kb, as opposed to the 4 kb offered by normal cookies – and can’t be removed as easily as normal cookies. An alarmingly large number of websites now use flash cookies to track users. BetterPrivacy can protect you from flash cookies.

6. Roboform Password Manager or Secure Login

It is not safe to use the same password with multiple sites. But keeping track of different complex passwords for different sites is difficult. This is where password managers come to our rescue. Password managers can store login information securely and make it easily and securely accessible for us. Roboform password manager offers everything you need – easy access, encrypted storage, form filling etc.

Secure Login is another powerful password manager offering a lot of useful features and stuff.

7. Enigform

Enigform protects our data and traffic by digitally signing our HTTP requests (including AJAX calls). The technique used is pretty impressive. It brings OpenPGP signing and encryption to HTTP traffic. Please keep in mind that Enigform can work its magic only if the website you are visiting runs on a mod_openpgp enabled Apache web server.

8. CookieSwap

Are you logged into your email account and some other important websites and need to open a suspicious looking site? Doing that may compromise your important accounts. Then CookieSwap is for you. This addon will let you switch your Firefox’s profile, hence hiding the active cookies. This addon can also be used for signing into multiple Gmail/Yahoo accounts at the same time. This is a very useful addon which I previously reviewed here among 25 Incredibly Useful and Cool Firefox Addons for Geeks and Web Developers.

9. Ghostery

Every single website you visit is tracking you. They are spying on you to know your personal details such as browsing habits, interests and even sexual orientation. With Ghostery, you can see who is tracking you and learn more about them, such as their privacy policy etc. Ghostery also makes it easy to block tracking codes and cookies from sites of your choice.

10. Close’n forget

This addon can close the current tab and forget everything about the visit. Close’n forget will delete the cookies, history and all information about that site. (This addon MAY not clear all the data about your visit. Please check if it is working as it should before you try something serious.)

11. LongURL

Now we come across shortened links every day in our life. Almost every link posted on Twitter and in email newsletters is now cloaked by some sort of URL shortening service. It is really REALLY important to know where a URL is taking you before you click it. One normal looking wrong link can devastate you. The LongURL addon can find where shortened links take you. So be sure before you click. (This addon doesn’t work with the latest version of Firefox yet.)

12. TabRenamizer

People always just love to watch over our shoulders and read the titles of our opened tabs. TabRenamizer is the solution against such prying eyes. With one click, you can rename your tab titles to something more.. serene.

13. Fission

Fission is not exactly a security or privacy addon. But it makes it easy for us to spot the domain name from the URL. Scammers and phishers (bad people) use URLs closely matching genuine ones to carry out phishing attacks. They may create a fake Gmail login page at some location like www.google.com-accountLogin.some-domain-name.com. Such addresses are easy and inexpensive to create. Unsuspecting users may read only the www.google.com in front of the URL and type in their username and password thinking that it is the legitimate site.

I have stated the importance of taking notice of the address bar in a previous article – 7 Points to Stay Safe in the Social Web.

The Fission addon can highlight the actual root domain, making it easy to recognize fake URLs. See below how the fake URL is easily spottable with Fission enabled.

So have you used any of these addons? Do you know or recommend any other security/privacy addon? Please share your knowledge with others through the comments.

 

14. HTTPS Everywhere

HTTPS Everywhere is a useful addon developed by the Electronic Frontier Foundation, the leading digital privacy advocacy group. This addon will enable secure connection when you connect to popular websites (if the sites actually support it). A version of this addon for Google Chrome browser also is available at the above link.

 

Lighter Side

Image Source: Geek and Poke


7 Points to Stay Safe in the Social Web

Facebook Population

How many of the people you know don’t have a Facebook account, or an Orkut or MySpace account? I won’t be surprised if you say your 90yr old grandmother is tweeting or your 3yr old brother is playing Mafia Wars on Facebook 🙂 With the ever increasing participation of people in social networking sites, their security is becoming more vulnerable. As this Mashable post says, a guy named Israel Hyman posted a status message in his Twitter account saying he’s enjoying his excursion to Kansas City. Later, he returned home to see that his house had been burglarized.

Ok, now let me tell you how to stay (relatively) safe on the social web.

1. Use Strong Passwords

This is the most basic rule. A complex password may be difficult to remember, but it is worth it, believe me. If you know your dad’s high school sweetheart’s name, try it as password in his mail account or Facebook account. You have good chances. Personally my mother still uses my dad’s nickname as her Gmail password. Using simple, easily guessable passwords is most common among less tech savvy people, like your parents, uncles or high school principal. Recently, a social media website called TeensInTech was hacked and a lot of confidential information was compromised. Later, after investigating the issue, the company said that their easily guessable password is what gave them away.

2. Avoid easily guessable Security Questions.

Almost all websites including social networking sites rely on security questions for the purpose of retrieving account access in case the password is forgotten. Using easy to guess security questions is a more common scenario than that of using simple passwords. There was this guy in my college I had a grudge against. I found out his email id from his Orkut profile page. It was a Gmail account. I tried the ‘forgot password’ option in Gmail. I was presented with the security question he had set – “What is my college?” 😀 You guess what happened next. There was another guy whose security question was “What is my country?”. I searched for his name in Google and found that most of the results were related to Brazil. So I could easily guess that he was Brazilian. Even if that is not the case, any stupid can see that there are fewer than 300 countries in the world and it is only a matter of time before guessing the correct one.

Avoid questions like these:

  • My mother’s maiden name? – your relatives may know that.
  • What is my pet? – Your neighbors may know that.
  • My first teacher? – Some of your friends may know that.
  • Where did I first meet my boyfriend/spouse? – At least your boyfriend knows that 😀

There are loads more. Besides these guessable questions, avoid questions which can have only a limited set of answers, like these:

  • Which month am I born in? – It is only a matter of trying the 12 possibilities.
  • My favorite flavor of ice cream?- It is more than easy to guess, unless you are some weird Eskimo chef 🙂

3. Share less / Share wisely

The main agenda of social networking sites is to make you feel like sharing the most. These sites will make you think that it is a good thing to share everything. You will even be given the option to mark some of this information as ‘private’, so that only those in your friends list will be able to see it. Believe me, you can trust no one. You won’t believe if I tell you the number of guys who have asked me to crack their girlfriends’ mail id. I regret to say that I once cracked one of my best friend’s email account, just for fun. I felt terrible after doing so, so I confessed – after a few months!

Your personal information like zip code/postal code, mobile number, birthday etc can be used to retrieve your accounts if you forget your password. So it is very important to share wisely.

Try not to share the following information in social networking sites:

  • zip code
  • address/exact location
  • email address
  • mobile number
  • birthday
  • And other similar information.

4. Add people only you thoroughly know as your friends

Increasing our friends is one of the things social networking sites have been doing all these days. Even 5th grade kids seem to have 999 friends. To increase our connections, these sites present several options – importing email contacts, friend suggestions etc. It is not rare to get friend requests from people we hardly know. Most of the time, we accept all the requests, just because we don’t want to say no and appear to be an anti-social jerk. Sometimes you get friend requests from total strangers, and you will accept them just because he is from your state or district. Don’t Do That.

There is this new kind of attack method crackers/hackers are using, called Social Engineering, where hackers gather your personal information and use it to access your online accounts, reset passwords etc. So as I said, when you get a friend request, examine his profile thoroughly and accept the request only if you are fully satisfied. Never accept the request if you have at least a lil bit of doubt left.

No, it’s not done with yet.

Even if the friend request is from a close friend or a person you know very well, there is a good chance that you are being manipulated. It is easy for a hacker to create a copy of one of your friends’ profiles and send the request. So when you get a friend request, first check whether he’s already in your friends list. If you already have the same friend in your list, bet one of them is a fraud. If possible, call the friend and ask him whether he just sent you a friend request.

5. Do not Over-Tweet.

Twitter is the most trendy social web service now. Every cat, cow and corporation now has a Twitter account. When it comes to posting status updates on Twitter, people seem to think that it is okay to post anything. And they post information which would’ve been kept confidential otherwise.

Know your audience (followers)

If you plan to tweet about utterly personal things, it is better to keep your tweets private. If you set your tweets to be private, your status updates won’t appear in the public timeline as you post them and will not be searchable. If your friend or brother wants to follow you, you will be asked to approve first and then only they will start getting your tweets.

If you are comfortable with keeping your tweets public and want to keep them so, then it is okay, but keep an eye on what you are posting.

6. Use the address bar to visit the site.

Trust the address bar.

Do not trust links. You may receive emails saying ‘you have one friend request, click this link to accept’ or anything like that, which can be extremely convincing. Do not click on links you receive in email to log into your social networking sites. These links may lead to bogus login pages that may look exactly like the original login page. And once you enter your username and password into it, hoping to log into the original site, rest in peace.

But if you want to log into your Facebook account or Twitter account, use your browser’s address bar to type in the address of the site. Also, before entering your login details in the site, make sure the address in the URL is Facebook itself. Phishers (hackers) can employ addresses similar to the original site. So it is good to double check the address. For instance, I can create a fake Facebook login page at the address www.facebook.com.login.devildesigns.net. The address looks like a genuine one (www.facebook.com) at first look. But it is actually a sub-domain, which anyone can easily create. Only a careful look can make out the difference. Tip: There is this Firefox addon which highlights the original root domain. See the screenshot below.

[Screenshot: location-bar]

You can see the root domain (mozilla.com) is highlighted.
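The root-domain check that Fission does visually, and that the tip above asks you to do by eye, can also be written as code. This is an added example, not code from the original post or from the Fission addon; the function names are hypothetical and `SUFFIXES` is a small constructed stand-in for the full Public Suffix List.

```javascript
// Added example (not from the original post or the Fission addon).
// ASSUMPTION: SUFFIXES is a tiny constructed subset of the Public Suffix List;
// real use needs the full list. All function names are hypothetical.
const SUFFIXES = new Set(["com", "net", "org", "co.uk"]);

// Return the lower-cased host name, accepting addresses typed without a scheme.
function hostOf(address) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(address);
  const url = new URL(hasScheme ? address : "http://" + address);
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

// Return the registrable ("root") domain: the public suffix plus exactly one
// label to its left. Returns null if the suffix is not in SUFFIXES.
function rootDomain(address) {
  const labels = hostOf(address).split(".");
  // Scanning from the left finds the longest matching suffix first.
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// Flag the trick described in the post: a trusted name appears inside the
// host, but the root domain belongs to someone else.
function isLookalike(address, trustedRoot) {
  const host = hostOf(address);
  return host.includes(trustedRoot) && rootDomain(address) !== trustedRoot;
}

// The first two addresses are the post's own illustrations; the third is
// constructed for comparison.
const samples = [
  ["www.google.com-accountLogin.some-domain-name.com", "google.com"],
  ["www.facebook.com.login.devildesigns.net", "facebook.com"],
  ["https://www.facebook.com/login.php", "facebook.com"],
];
for (const [address, trusted] of samples) {
  console.log(address, "->", rootDomain(address),
    isLookalike(address, trusted) ? "(LOOKALIKE)" : "(ok)");
}
```

The host name is read right to left: whatever sits immediately before the public suffix is the owner, and everything further left is a sub-domain that owner chose.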

7. ..And finally, Trust No One.

Just keep in mind that everyone you meet online has a good chance of being a malicious user. Trust no one (even if he’s claiming to be ur dad. no no, uncle. okay?). The world wide web is a magical world where anyone can be everyone and everywhere. One can easily disguise as someone else. When next time you get a tempting friend request from a hot young lady, just keep in mind that probably it is some fat, balding guy with his …h…d…hangin s… e … w c (guess it is enough 😉 )

Let me know your opinions/ideas through the comments.

Lighter Side

Identity Theft

Image Source: Flickr


Google is serious – HTTPS by default for GMail

Once again Google has proved that they are the number one webmail. Almost all the webmail services – GMail, YahooMail, Windows Live Mail…. – are using HTTPS for logging the users in. i.e., if you are using Firefox, you will see a bluish glow in the left end of the address bar when you are accessing the sign in page of Gmail (and other webmails too). And if you take a closer look, you will see the address of the page starts with HTTPS, rather than just HTTP.

Having HTTPS in the sign in page makes it very difficult for hackers to steal your password. But once you are logged in successfully, the HTTPS access is switched to normal HTTP. And everything you do now with your email account – sending mails, reading mails, viewing the contact book.. – is over the normal HTTP connection. So a hacker or even a high schooler with no programming knowledge can easily see everything you are doing. So, your sensitive information is compromised.

And the solution?

In Gmail’s settings, there was this option to set full time HTTPS access to your mail account. But it was optional. Now Google has made the HTTPS mode enabled by default for all mail accounts. (Still you can disable it under the settings if it is itching).

I strongly recommend everyone using the ‘always use HTTPS’ setting.

I will be writing some posts covering HTTPS and internet security soon. Come back soon. Bye now.