Categories
Browser extensions

Nano Adblocker

Nano Adblocker is based on uBlock Origin and comes compared to it’s original with a better Syntax highlighter, advanced filter viewer, timer bypassing filters and more.

Nano Adblocker

Categories
Browser extensions

Tor Browser 7.5

The Tor team announced another major release today, the release is available from the Tor Browser Project page and also from our distribution directory. The biggest change seems the new UI re-design on the welcome screen among the Next generation of Onion Services.

tor-launcher-bridge-small

Security related changes from Firefox were also merged into the current release.

Categories
Browser extensions

Decentraleyes addon loads CDN resources locally

Decentraleyes by Thomas Rientjes recently got an update and is now available in version 2.0.2, the biggest change is that is now compatible with Chrome and Opera, besides this it also was tested with Pale Moon and the ESR Firefox version. Basically you install the addon and then check against a test page if it’s working or not.

Categories
Browser extensions

Malwarebytes Extension for Firefox – You don’t need it!

Malwarebytes now has an add-on available for Firefox on AMO. The extension in beta, has this description: “Detects and Protects against malware, scams and deceptive advertising on the web”. But do you really need it? I know there are a lot of Malwarebytes fans out there and their main-product is mostly good to go – So here we are and asking ” Do we need another extension to secure our Browser?”.

Malwarebytes-extension-for-Firefox

Categories
Browser extensions Security

How to Block Iframes, JavaScript & Redirections

Some websites have code to “break out” of IFRAME enclosures, meaning that if a page A is loaded as an IFRAME inside a parent page P some Javascript in A redirects the outer window to A.

Typically this Javascript looks something like this:


  if (top.location.href != self.location.href)
     top.location.href = self.location.href;
Categories
Browser extensions

Do you really need HTTPS Everywhere extension?

It isn’t a must-have extension (in my opinion) and it can break some websites but it can be beneficial if it works. I remember it used to very popular and the popularity died down a bit because certificates are very cheap these days. I once used it and liked it at the time, but I removed it a very long ago because I’ve not a need for it anymore.

https-everywhere
Official HTTPS Everywhere Logo

By the way just as a general note, about the encrypted traffic between the browser and the target destination. Banking malware can actually intercept SSL and this technique is known as “WebInject“. The older technique for banking malware is called “Form-grabbing“, but that only covers HTTP communication, not HTTPS. SSL data will be decrypted by the browser client post-communication, and this is where banking malware can abuse this (exploit) to retrieve the decrypted SSL data via WebInject. Another would be messing with the certificates on the system. Some Anti-Virus programs do this and it can open opportunity for a Man-In-The-Middle (MITM) attack.

Problems

  • Johnny assumes HTTPS Everywhere automatically switches sites to HTTPS when available. So when he hits a login over HTTP he shrugs and says “I guess they don’t have HTTPS” and fills in the login anyway.
  • Johnny realizes that more and more, with HTTPS Everywhere installed he doesn’t need to worry about the lock icon in the URL bar. After all, if HTTPS is available HTTPS Everywhere will automatically switch him over, and if it isn’t, there is nothing he can do about it anyway.
  • Johnny isn’t aware that HTTPS Everywhere is automatically sending a fingerprint of every HTTPS site he visits to HTTPS Observatory (allowing them to track his browsing if they wanted).
  • The extension might be infected/faked or collects data. Less extension -> lower attack surface.
  • High memory usage to parse the integrated rule list.

Malware these days is using HTTPS (as mentioned) more than ever before, increasing by the day. This is why modern gateway appliances are all going to be required to do SSL scanning. Deep inspection takes a locally installed Root certificates but normal SSL inspection doesn’t. HTTPS Everywhere isn’t required at all when you do SSL validation at the UTM level.

Categories
Browser Browser extensions

Prevent 3rd-Party Apps from running in Firefox

With this little trick you prevent 3rd-Party Firefox Apps from intercepting your Browser, which allows to restrict certain functions. It works as some kind of isolation.

How to Disable Firefox Accessibility Services
Prevent accessibility services from accessing your browser (Browser Restart required).

The Negative Impact of using Firefox Accessibility Service

  • Impact Firefox browsing performance
  • Prevent web surfing monitoring/logging
  • Stability may be adversely affected
  • Instant and visible improvement in FF performance

Examples of Accessibility Services

Ability to inspect, monitor, visualize, and alter web page content hosted within Firefox.

Source

Categories
Browser extensions Tips and Tricks

How to use NoScript 10

NoScript (by Giorgio Maone) is one of the most popular security extension when it comes to Firefox, in this quick tutorial I talk about its basics and show some configurations to work with it on a daily basis.

logo-xmas
Official Logo (X-Mas Edition) Picture: noscript.net

 

Categories
Browser Browser extensions

Bookmark Checker suddenly flagged as Malware

The popular Bookmark Checker got today flagged by Google as malware without any reason, it’s unclear if it was really malware or not. Personally I used the extension for years and the source code was always clean. The Google Chrome Store points now to an 404 page.

Bookmark Checker
Now flagged as malware!