Topic: Improve your web security: an important addon
Thomphoolery
« on: November 29, 2010, 12:12:03 PM »

https://www.eff.org/https-everywhere

This addon was recently released and updated over the weekend. Whenever a URL is accessed within the browser, this addon automatically replaces the "http://" portion of the URL with "https://".

A small syntactic change, and not a full solution, but at least this addon guarantees that your traffic will be encrypted whenever possible.

-j

Omegaman
« Reply #1 on: November 29, 2010, 12:24:14 PM »

This is to hopefully counter the firesheep exploit?

Thomphoolery
« Reply #2 on: November 29, 2010, 12:30:54 PM »

This is to hopefully counter the firesheep exploit?

Partially. Most websites that expose session cookies via unencrypted channels still have to be fixed, but this is at least a good stop-gap solution.

-j
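
Added example (not part of the original posts): the site-side fix the reply above refers to is marking session cookies `Secure`, so the browser never sends them over plain HTTP. This sketch audits `Set-Cookie` headers for that; the sample headers and the cookie-name heuristic are constructed assumptions.

```javascript
// Constructed sample Set-Cookie header values (not captured from any real site).
const SAMPLE_HEADERS = [
  "SESSIONID=abc123; Path=/; HttpOnly",            // session cookie, no Secure
  "auth_token=deadbeef; Path=/; Secure; HttpOnly", // correctly flagged
  "prefs=secure=1; Path=/",                        // "secure" in the value only
  "sid=xyz; path=/; SECURE",                       // attribute names are case-insensitive
];

// Split one Set-Cookie value into the cookie name and a map of its attributes.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? first : first.slice(0, eq);
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Heuristic (assumption): cookie names that look like session or auth tokens.
const SESSION_NAME = /sess|sid|auth|token|login/i;

// Report the flags on each cookie and whether a session-like cookie lacks Secure.
function auditCookies(headers) {
  return headers.map(parseSetCookie).map(({ name, attrs }) => {
    const secure = attrs.has("secure");
    const httpOnly = attrs.has("httponly");
    const sessionLike = SESSION_NAME.test(name);
    return { name, secure, httpOnly, sessionLike, exposed: sessionLike && !secure };
  });
}

// Names of session-like cookies the browser would also send over plain HTTP.
function exposedSessionCookies(headers) {
  return auditCookies(headers).filter((c) => c.exposed).map((c) => c.name);
}

console.log(exposedSessionCookies(SAMPLE_HEADERS));
```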

Yoink
« Reply #3 on: November 30, 2010, 01:25:59 PM »

This is to hopefully counter the firesheep exploit?

http://news.slashdot.org/story/10/11/08/1333224/Firesheep-Countermeasure-Tool-BlackSheep?from=rss

Thomphoolery
« Reply #4 on: November 30, 2010, 02:54:53 PM »


That Blacksheep thing isn't a solution at all. While it throws Firesheep specifically off the trail (and only slightly at that), any insecure cookies are still floating around over your open wireless connection.

-j

Yoink
« Reply #5 on: November 30, 2010, 02:57:56 PM »

Ahh... well then, shit :P

Thomphoolery
« Reply #6 on: December 02, 2010, 09:45:27 AM »

Another important step in web security - Adobe Flash (inside Chrome) is now subject to the same sandboxing regulations as HTML and JavaScript.

Or, as Engadget put it: "Hey, Adobe's finally figured out how to make Flash secure -- have Google do it!"

http://blog.chromium.org/2010/12/rolling-out-sandbox-for-adobe-flash.html

-j

Thomphoolery
« Reply #7 on: January 25, 2011, 09:36:30 AM »

For you Chrome users out there:

http://www.webmonkey.com/2011/01/chrome-add-on-kills-tracking-cookies/

This article details a Chrome addon which detects incoming and outgoing cookies, disabling the 'tracking' feature on them.

-j

Grazer
« Reply #8 on: January 25, 2011, 09:40:34 AM »

So for a guy like me, who doesn't know diddly dick, is Chrome more secure than Firefox?  What addons would you say are necessary?

Thomphoolery
« Reply #9 on: January 25, 2011, 09:47:32 AM »

So for a guy like me, who doesn't know diddly dick, is Chrome more secure than Firefox?  What addons would you say are necessary?

Chrome and Firefox are competing to be 'the most secure'. It's become kind of lock-step at this point, each one is releasing new privacy and security features in a tit-for-tat fashion.

Each browser has addons like: NoScript, AdBlock, HttpsEverywhere

In the end, the most important security feature anyone can ever utilize is their own common sense. For instance, if I absolutely need to open a link from some file-sharing site (or something equally weird looking), I'll open it in a VMware-hosted Linux image.

All your banking and bill paying (i.e., legit, trusted sites with super important logins) should be done from a dedicated 'banking' browser. For instance, do your casual browsing in Firefox and never ever open IE for anything except banking. Of course, that only works if you've never used IE for anything else before =)

-j

Thomphoolery
« Reply #10 on: February 10, 2011, 03:36:16 PM »

Previously only available to Google Apps domains, Google is now opening up 2-factor authentication to all Google users. If you are like me and use Gmail for ...basically everything, this is something you don't want to dodge.

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

You can get your OTP SMSd to you, or use an iPhone/Android app to generate it.

-j