Tag Archives: Security

Top 3 Firefox add-ons for security enthusiasts in 2012

Security is time consuming and often just plain inconvenient, but there are a handful of plugins that make being secure much easier. I give you the top 3 security add-ons for Firefox that I personally use.

(PS: In terms of ratings, 1/5 refers to the least and 5/5 to the most.)

1. HTTPS Everywhere

Ease of use: 5/5, Convenience: 5/5

This plugin basically has a list of popular sites programmed into it, such as Facebook, Twitter, Google, etc., that offer a secure HTTPS connection. Whenever you visit one of those sites, it forces Firefox to use the secure connection instead of the standard (HTTP) one. HTTPS is a protocol that encrypts data between you and the website you’re interacting with. If you were wondering what the little “s” after http stands for, the answer is “secure” 🙂.

The only note I have about this is that one of the websites on that list is Netflix, and even though Netflix supports logging in securely, it doesn’t properly work when trying to manage your queue, so you may have to disable it just for that site. Other sites may exhibit problems as well, but I haven’t come across any of them yet.
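The list-driven upgrade described above, including a per-path exclusion and a user-disabled ruleset for sites that break over HTTPS, can be sketched as follows. This is an added example, not the add-on's own code: the ruleset is constructed in the HTTPS Everywhere XML style, the hosts are placeholders, and the `/queue` exclusion is an assumption that mirrors the Netflix queue problem.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed ruleset in the HTTPS Everywhere XML style; hosts are placeholders.
RULESETS_XML = r"""<rulesets>
  <ruleset name="Example Shop">
    <target host="example.com"/>
    <target host="*.example.com"/>
    <exclusion pattern="^http://(www\.)?example\.com/queue"/>
    <rule from="^http://(www\.)?example\.com/" to="https://www.example.com/"/>
  </ruleset>
  <ruleset name="Example Mail">
    <target host="mail.example.org"/>
    <rule from="^http://(mail\.example\.org)/" to="https://$1/"/>
  </ruleset>
</rulesets>"""

def load_rulesets(xml_text):
    """Parse rulesets into (name, targets, exclusions, rules) tuples."""
    parsed = []
    for rs in ET.fromstring(xml_text).iter("ruleset"):
        targets = [t.get("host") for t in rs.iter("target")]
        exclusions = [re.compile(e.get("pattern")) for e in rs.iter("exclusion")]
        # Rulesets use JavaScript-style $1 backreferences; Python's re wants \1.
        rules = [(re.compile(r.get("from")), re.sub(r"\$(\d)", r"\\\1", r.get("to")))
                 for r in rs.iter("rule")]
        parsed.append((rs.get("name"), targets, exclusions, rules))
    return parsed

def host_matches(host, target):
    """A target is an exact host or a left-hand wildcard such as *.example.com."""
    return host.endswith(target[1:]) if target.startswith("*.") else host == target

def rewrite(url, rulesets, disabled=frozenset()):
    """Return the upgraded URL, or the input unchanged if no enabled rule applies."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url
    for name, targets, exclusions, rules in rulesets:
        if name in disabled or not any(host_matches(parts.hostname or "", t) for t in targets):
            continue
        if any(x.search(url) for x in exclusions):
            continue
        for pattern, replacement in rules:
            new_url, count = pattern.subn(replacement, url, count=1)
            if count:
                return new_url
    return url
```

Any host that is not on the list is returned unchanged, which is the main limit of a list-based approach: sites without a ruleset still load over plain HTTP.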

2. NoScript

Ease of use: 4/5, Convenience: 3/5

This plugin is a lifesaver. Most malicious things on a website, whether it’s a fake security warning that your PC is infected or something that tries to hijack your browser, are created by using scripts, or more specifically, JavaScript. This add-on basically prevents all scripts from executing without explicit permission from you. The problem is, most websites use and rely on scripts. Scripts in themselves aren’t dangerous at all; they are quite useful. It just depends on what they do. So blocking all scripts on all websites is not the solution.

The purpose of the add-on is to block them by default and then you specifically allow the scripts you need. This sounds very complicated and it is at first, but after a while you’ll be able to recognize what seems legitimate and what not. My approach is this: I try to use a website the best I can without scripts. If something doesn’t work, I enable the most obvious ones first. If I’m on Yahoo!’s website for example, I’ll enable scripts from yahoo.com first, then try it again, and if it still doesn’t work, I’ll enable other scripts. I’ll probably have to create another post down the road that explains what the “other scripts” are in more detail.

In its simplest form, if you don’t know anything about scripts, enable them all on the sites you trust. However, often you’ll find yourself googling a topic of interest and you may visit many unfamiliar and untrusted websites when following those search results. For those sites, always block all scripts. If the site doesn’t come up or something looks weird, leave the site and try another result.

3. Web of Trust (WOT)

Ease of use: 5/5, Convenience: 5/5

How great would it be to know whether a website is dangerous or not before you visit it? Imagine a little circle next to all links that could have one of three colors: green (this website is safe), yellow (this website may be suspicious), and red (this website is dangerous). Would be awesome, right? Well, someone’s thought of that.

I give you the Web of Trust add-on. That’s exactly what it does. With it installed, for example, you’ll see little colored circles on all the links in a Google search result and that will tell you whether you should go to that website or not. On top of that, even if you click on a website that doesn’t have a circle and it was rated dangerous, or maybe it was red and you accidentally clicked it, an intermediate screen will appear asking you to confirm whether you really want to visit that website or not. The great thing is that WOT is community based, so it takes other people’s reviews into consideration when rating websites.

Sometimes sites aren’t rated (like this one here), which is indicated by a gray circle and a question mark. It’s up to you whether you want to visit it or try another site.

There you have it, the 3 best add-ons for Firefox in terms of security. If I missed something or there’s another great add-on you can recommend, leave it in the comments below.

Dropbox can be a good tool for developers

Dropbox — yes, that’s a referral link, providing you and me with extra storage space — is a service that lets you share your files between your different devices. You also have the ability to share individual files with friends via a link. Dropbox basically adds a new folder to your computer, and any files or folders you store within it are synchronized with all of the other devices that you’ve installed Dropbox on.

Here are some aspects that make it useful for developers:

1. Runs on all types of devices

You can install Dropbox on Windows, Mac, Linux, Android, Blackberry, iPad, and the iPhone, giving you access to your files from virtually any device. Furthermore, you can login to dropbox.com to view, download, and upload your files.

2. Version control

Every time you edit and save a file from your Dropbox folder, whether it’s a text file, Word document, picture, etc., Dropbox will maintain a revision of it. You can then view your previous revisions via the web interface. The revisions contain timestamps, which device made the modification, file sizes, and an option to revert back to a file.

3. File conflict resolution

It may happen that you’re editing some code in a file from device #1, forget to save and close the file, and then edit the file from device #2. In that case, when you save a modified version of the file from device #2, Dropbox will save it like it normally would. Now, once you go back to device #1 and save/close the file, Dropbox knows that it’s been modified since then, which is why it will save it as a copy followed by the device’s name. This allows you to manually merge your changes from device #2 later on. The manual part isn’t ideal, but it’s better than losing data.

4. Restore deleted files

If you delete a file with intent or by accident, but need to restore it later for some reason, you can login via the web interface, enable “show deleted files,” and restore any one of the previously deleted files.

5. Collaborate with friends

If you’re working with another developer, one of you can share a folder with the other, which means you both see exactly the same files. The same features apply as mentioned above, e.g. version control, file conflict resolution, and restoring deleted files.

6. Photo gallery

If you have a folder with lots of pictures in your “Photos” folder, right-clicking on any subfolder gives you the option to copy a public link. This allows you to quickly share a gallery of photos with another person, whether they have Dropbox or not.

7. Friendly user-interface

The software is very well designed. At all times you can see whether any files are synchronizing in your Dropbox folder. Furthermore, if you actually view the Dropbox folder, you’ll see that every file or folder has either a check mark, a loading icon, or an “x,” indicating the file’s current status.

8. Get additional space for free

You get 2GB for free initially, but by referring friends, you can get up to 10GB of space. On the other hand, if you find the service useful, you can get 50GB or 100GB for $99/year or $199/year respectively.

Now, this all sounds pretty neat, right? But here is one more thing to consider:

9. Security

Even though your files are transferred over SSL and are encrypted when stored, Dropbox has the encryption key. Their employees are only permitted to view metadata, e.g. file names and dates. However, in the worst case scenario, they can decrypt and therefore view any files they like — they’re not supposed to, but you must accept the possibility. This means that you should be mindful of the kinds of data you store in Dropbox. Don’t store classified or confidential data. Now, you could encrypt your files on your device prior to storing them in Dropbox, which would solve this particular problem (TrueCrypt comes to mind).

On another note, it’s not just Dropbox employees who can access your data, because there was a time that a glitch exposed users’ data to the public, so since that happened once, it could happen again.

Lastly, I don’t need to mention that if someone has physical access to your device, they will have access to any data stored on your computer, but that brings us to another security problem in Dropbox. Once you install it for the first time, you’re asked to login. Upon login, Dropbox saves a special file on your computer that contains an ID number that is tied to your account. Using that number, it authenticates with the cloud and then keeps your files synchronized. The problem is that the file is not tied to your system, so anyone with knowledge of this bug and physical access to your device can copy that file to their device and have limitless access to your files in Dropbox. To make matters worse, even if you changed your password after the fact, the hacker would still have access to your account, because the ID number in that file would still be valid. You can read more about this vulnerability from Derek Newton.
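For contrast with the behaviour described above, here is how a sync service could issue per-device tokens that stop working after a password change. This is an added example with a hypothetical `SyncAuthServer` class and constructed account and device names; it is not Dropbox's implementation.

```python
import hashlib
import hmac
import secrets

class SyncAuthServer:
    """Hypothetical server-side model for illustration; not Dropbox's code."""

    def __init__(self):
        self.generation = {}  # account -> counter, bumped on password change
        self.tokens = {}      # sha256(token) -> (account, device_id, generation)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def link_device(self, account, device_id):
        """Issue a fresh random token per device after an interactive login."""
        token = secrets.token_urlsafe(32)
        gen = self.generation.setdefault(account, 0)
        self.tokens[self._digest(token)] = (account, device_id, gen)
        return token

    def authenticate(self, token, device_id):
        """Return the account name, or None if the token must be rejected."""
        record = self.tokens.get(self._digest(token))
        if record is None:
            return None
        account, bound_device, gen = record
        # device_id is client-reported, so this only stops a naive file copy;
        # the generation check below is the dependable control.
        if not hmac.compare_digest(bound_device, device_id):
            return None
        return account if gen == self.generation[account] else None

    def change_password(self, account):
        """Bump the generation so every previously issued token stops working."""
        self.generation[account] = self.generation.get(account, 0) + 1

def demo():
    """Constructed scenario: token copied elsewhere, then a password change."""
    server = SyncAuthServer()
    token = server.link_device("alice", "laptop-1")
    results = {"owner": server.authenticate(token, "laptop-1"),
               "copied": server.authenticate(token, "other-pc")}
    server.change_password("alice")
    results["after_password_change"] = server.authenticate(token, "laptop-1")
    return results
```

After a password change each device has to log in again to obtain a new token, which is the revocation step the post says was missing.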

I leave it up to you whether you become a Dropbox user; however, for my purposes as a developer and being able to gauge my projects and the security they require, Dropbox is perfect most of the time.