Firefox's Noscript and Secure Login extensions: a match made in heaven
There are two FireFox extensions that I'd like to briefly pimp out:
Noscript - Noscript is used to disable Javascript execution on sites that you visit. By default, it disallows Javascript on ALL sites that you visit. The only sites it will run Javascript from are the sites that you tell it about. This will help cut down on the chances of randomly visiting a site which contains malicious Javascript code on it. This goes hand in hand with the next extension:
Secure Login - One of the cool things about FireFox is that it will store passwords used on sites that you visit, and fill in those login forms automagically when you return those sites. The problem here is that malicious Javascript code can be used to steal the username and password when they are filled in automatically. Note that the form does not actually have to be submitted - once FireFox sets the values in the form fields, the data is available to Javascript code. This can be a problem even when visiting a site that you trust, if say they do a poor job of sanitizing comments and hostile Javascript gets inserted into a comment.
When running Secure Login, the username and password will NOT be filled in automatically. Instead, those fields will appear "shaded" to indicate that a login form has been found, and you the user can begin to type in your username until FireFox does its normal auto-completion, at which point you can select your username from the drop down list, and the password will be filled in along with it.
Running these two extensions won't give you 100% security. But it will give you a boost in keeping your machine safe from casual attacks that are designed for the general populace. If you are running a Windows machine, it never hurts to run anti-spyware products either.
Happy safe computing!
Noscript - Noscript is used to disable Javascript execution on sites that you visit. By default, it disallows Javascript on ALL sites that you visit. The only sites it will run Javascript from are the sites that you tell it about. This will help cut down on the chances of randomly visiting a site which contains malicious Javascript code on it. This goes hand in hand with the next extension:
Secure Login - One of the cool things about FireFox is that it will store passwords used on sites that you visit, and fill in those login forms automagically when you return those sites. The problem here is that malicious Javascript code can be used to steal the username and password when they are filled in automatically. Note that the form does not actually have to be submitted - once FireFox sets the values in the form fields, the data is available to Javascript code. This can be a problem even when visiting a site that you trust, if say they do a poor job of sanitizing comments and hostile Javascript gets inserted into a comment.
When running Secure Login, the username and password will NOT be filled in automatically. Instead, those fields will appear "shaded" to indicate that a login form has been found, and you the user can begin to type in your username until FireFox does its normal auto-completion, at which point you can select your username from the drop down list, and the password will be filled in along with it.
Running these two extensions won't give you 100% security. But it will give you a boost in keeping your machine safe from casual attacks that are designed for the general populace. If you are running a Windows machine, it never hurts to run anti-spyware products either.
Happy safe computing!
no subject
The other FF plug in love is UNPLUG, which will give you the true links to any enbedded media on the pages you visit.
no subject
One of the first things I do with any Firefox (or IE) I intend to use regularly is disabling their password remembering functions. When I used to use it it used to get on my nerves that it would fail seemingly randomly; like maybe the forms were dynamic, or every so often changed names and my passwords would be gone.
More than that, having the passwords remembered automatically is a great way to forget passwords; so now I prefer to enter them by hand and keep them more fresh in my memory.
no subject
Noscript is like learning stick shift. After awhile, it becomes second nature. :-)
no subject
Thanks for these! I already have Adblock up.
no subject