![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Firefox's Noscript and Secure Login extensions: a match made in heaven
There are two FireFox extensions that I'd like to briefly pimp out:
Noscript - Noscript is used to disable Javascript execution on sites that you visit. By default, it disallows Javascript on ALL sites that you visit. The only sites it will run Javascript from are the sites that you tell it about. This will help cut down on the chances of randomly visiting a site which contains malicious Javascript code on it. This goes hand in hand with the next extension:
Secure Login - One of the cool things about FireFox is that it will store passwords used on sites that you visit, and fill in those login forms automagically when you return those sites. The problem here is that malicious Javascript code can be used to steal the username and password when they are filled in automatically. Note that the form does not actually have to be submitted - once FireFox sets the values in the form fields, the data is available to Javascript code. This can be a problem even when visiting a site that you trust, if say they do a poor job of sanitizing comments and hostile Javascript gets inserted into a comment.
When running Secure Login, the username and password will NOT be filled in automatically. Instead, those fields will appear "shaded" to indicate that a login form has been found, and you the user can begin to type in your username until FireFox does its normal auto-completion, at which point you can select your username from the drop down list, and the password will be filled in along with it.
Running these two extensions won't give you 100% security. But it will give you a boost in keeping your machine safe from casual attacks that are designed for the general populace. If you are running a Windows machine, it never hurts to run anti-spyware products either.
Happy safe computing!
Noscript - Noscript is used to disable Javascript execution on sites that you visit. By default, it disallows Javascript on ALL sites that you visit. The only sites it will run Javascript from are the sites that you tell it about. This will help cut down on the chances of randomly visiting a site which contains malicious Javascript code on it. This goes hand in hand with the next extension:
Secure Login - One of the cool things about FireFox is that it will store passwords used on sites that you visit, and fill in those login forms automagically when you return those sites. The problem here is that malicious Javascript code can be used to steal the username and password when they are filled in automatically. Note that the form does not actually have to be submitted - once FireFox sets the values in the form fields, the data is available to Javascript code. This can be a problem even when visiting a site that you trust, if say they do a poor job of sanitizing comments and hostile Javascript gets inserted into a comment.
When running Secure Login, the username and password will NOT be filled in automatically. Instead, those fields will appear "shaded" to indicate that a login form has been found, and you the user can begin to type in your username until FireFox does its normal auto-completion, at which point you can select your username from the drop down list, and the password will be filled in along with it.
Running these two extensions won't give you 100% security. But it will give you a boost in keeping your machine safe from casual attacks that are designed for the general populace. If you are running a Windows machine, it never hurts to run anti-spyware products either.
Happy safe computing!
no subject
Thanks for these! I already have Adblock up.
no subject