giza: Giza White Mage (Default)
Douglas Muth ([personal profile] giza) wrote2007-07-23 03:04 pm
Entry tags:

Firefox's Noscript and Secure Login extensions: a match made in heaven

There are two FireFox extensions that I'd like to briefly pimp out:

Noscript - Noscript is used to disable Javascript execution on sites that you visit. By default, it disallows Javascript on ALL sites that you visit. The only sites it will run Javascript from are the sites that you tell it about. This will help cut down on the chances of randomly visiting a site which contains malicious Javascript code on it. This goes hand in hand with the next extension:

Secure Login - One of the cool things about FireFox is that it will store passwords used on sites that you visit, and fill in those login forms automagically when you return those sites. The problem here is that malicious Javascript code can be used to steal the username and password when they are filled in automatically. Note that the form does not actually have to be submitted - once FireFox sets the values in the form fields, the data is available to Javascript code. This can be a problem even when visiting a site that you trust, if say they do a poor job of sanitizing comments and hostile Javascript gets inserted into a comment.

When running Secure Login, the username and password will NOT be filled in automatically. Instead, those fields will appear "shaded" to indicate that a login form has been found, and you the user can begin to type in your username until FireFox does its normal auto-completion, at which point you can select your username from the drop down list, and the password will be filled in along with it.

Running these two extensions won't give you 100% security. But it will give you a boost in keeping your machine safe from casual attacks that are designed for the general populace. If you are running a Windows machine, it never hurts to run anti-spyware products either.

Happy safe computing!

[identity profile] drzarron.livejournal.com 2007-07-23 07:32 pm (UTC)(link)
I've been using Noscript since you first recommended it and it is amazing, can't sing it's praises enough.

The other FF plug in love is UNPLUG, which will give you the true links to any enbedded media on the pages you visit.

[identity profile] furahi.livejournal.com 2007-07-24 06:48 pm (UTC)(link)
I have considered using NoScript for a while, but I've always feared it'd be too big a nag, as more and more sites use javascript intensively, even for basic navigation

One of the first things I do with any Firefox (or IE) I intend to use regularly is disabling their password remembering functions. When I used to use it it used to get on my nerves that it would fail seemingly randomly; like maybe the forms were dynamic, or every so often changed names and my passwords would be gone.
More than that, having the passwords remembered automatically is a great way to forget passwords; so now I prefer to enter them by hand and keep them more fresh in my memory.

[identity profile] giza.livejournal.com 2007-07-24 06:51 pm (UTC)(link)

Noscript is like learning stick shift. After awhile, it becomes second nature. :-)

[identity profile] starbiter.livejournal.com 2007-07-28 08:14 pm (UTC)(link)
What if you never, ever, allow Firefox to remember passwords and always log in to websites or whatever by always typing in your username and password by hand? Do you need to install SecureLogin?

Thanks for these! I already have Adblock up.

[identity profile] starbiter.livejournal.com 2007-07-28 08:17 pm (UTC)(link)
Wait, I have no idea why I mentioned Adblock. I think I confused it with Noscript, which I don't have running. /rofl