Posts Tagged Firefox

The importance of HTTPS login pages – Session hijacking fits in a pocket now

You should always prefer SSL-encrypted (HTTPS) login pages on sites over non-SSL (HTTP). Why?

Session hijacking is why.

First, let me [very briefly] explain the difference for the unfamiliar. SSL stands for Secure Sockets Layer and it’s the encrypted, secure version of HTTP, the protocol that loads web pages. Normal web access is over unencrypted HTTP (the http:// part of the web address) and secure access is over HTTPS (the https:// in front of the address bar). In the most basic terms, the extra ‘s’ stands for ‘secure’.

Some screenshots using Firefox:

Normal (unencrypted) session:

Secure (encrypted) session:

So why am I bringing this up? Because I got a chance to play with an app for Android that claimed to allow one to “capture” login sessions over wireless connections.

How does it work? Well, without going into too much detail you simply connect your Android-powered device running this application to a wireless network and it just sits and listens for login data and captures it. I sat down with the app a few minutes ago, put it on my network, and logged in to various sites. You know what? It worked. I was able to capture several logins in just a few minutes and log in to those sites from my mobile device without needing the password. Among those captured were my Facebook and Google login. Note that I had to disable HTTPS logins on Facebook to get it to capture. The encryption provided by HTTPS is enough to prevent this type of hijack from working.

That means that Joe Blow sitting two tables away from you at Starbucks with his phone in his pocket could be capturing your Facebook, Amazon, or other login credentials while you’re casually surfing the web and sipping coffee.  This could also mean that your neighbors unsecured wireless network, which you’ve been casually using to avoid paying for your own, could be silently capturing your login details. This also means that if your own wireless network is unsecured, you’re leaving yourself open to this type of attack.

Note that this worked even though my network is WPA2 secured: I just had to enter the wireless key to connect to the network.

I’m not going to mention the name of the app, though it is available in the Android Market and does require a rooted phone, so if you want to go play with it you have to find it on your own. I’m also not encouraging stealing other people’s identities. As far as I know it’s a Federal crime. :) I’m writing this to make people aware that they should:

  • Use HTTPS login pages whenever possible.
  • Avoid using unsecured wireless networks.
  • Secure your own wireless network and be aware of who you share the key with.
  • Change your own wireless key from time to time if you share it.

Have a nice day :) As always, feel free to share your comments below!

Advertisements

, , , ,

Leave a comment

How to export your Firefox bookmarks to Google Chrome

Having been frustrated by some of the recent regressions in Firefox 4, particularly those involving Flash graphs, I’ve picked up Chrome and so far couldn’t be happier.

Moving my bookmarks over wasn’t too hard either. Here’s how to do it.

In Firefox 4, click Bookmarks > Show All Bookmarks (or press Ctrl-Shift-O)

Then choose Import and Backup > Export HTML…

Save that file somewhere you can find it for the next step.

Now, in Chrome, open the Bookmark Manager. You can find it by clicking the wrench icon, then Bookmark Manager.

Now choose Organize > Import Bookmarks from the Bookmark Manager and import that HTML file you just exported from Firefox.

Readers may also want to consider trying the free service Xmarks, which features automatic bookmark syncing across multiple browsers using a plug-in. Supports Firefox, Chrome, Internet Explorer, and Safari (Mac OS).

This was done using Firefox 4.0.1 and Chromium Browser 10.0.648.205 (81283) on Ubuntu 11.04. Questions, comments, and feedback are welcome and appreciated!

, , , ,

6 Comments

Day two with Ubuntu Unity: Mixed impressions

It’s day two with Ubuntu Natty, and while I’m impressed, I’m also somewhat annoyed. The sum of changes that came down in 11.04 have me asking “Why?” Here’s a list of some of the pros and cons I’ve seen so far in Ubuntu Natty with Unity:

Pros:

  • The Unity Launcher has ‘keep in launcher’, which can be good for apps that you want 1-click access to.
  • It seems that Unity has a great deal of respect for screen space: moving all the menu bars to a single location, making the notification area smaller, and auto-hiding the Unity launcher all help you get the last bit out of your screen real estate.
  • Holding the Windows key shows keyboard shortcuts for the items in the launcher, allowing hot-key access to them.

Cons:

  • Navigation can be cumbersome. Things are not where you expect them to be, and in some cases, are simply not there anymore.
  • The context-sensitive menu bar puts menus out-of-reach on larger monitors, and potentially on multi-monitor setups.
  • Navigation seems less intuitive than Gnome 2.
  • Any 1-click ‘view desktop’ / minimize all windows functionality is gone.
  • Adding too many items to the launcher can cause it to scroll.
  • There’s no way, that I can see right now, to edit the “shortcuts” that appear in the ‘dash’.
  • Some programs do not iconify to the launcher correctly.

I’m also seeing a handful of mixed bugs in Synaptic Package Manager, Empathy, and the Unity launcher itself.

The release of Ubuntu with Unity and Firefox 4 (which causes regressions in several websites) leads me to the opinion that this is perhaps the most drastic change with the most negative user-facing experience that I’ve seen to-date with Ubuntu. I’m confident that the Ubuntu developers will work quickly to resolve these issues, but I think a lot of these issues should have been fixed prior to release.

As an alternative, the GNOME interface is still available. If you want to use the GNOME interface, you have to make a settings change at the log in screen. After selecting your user name, and before entering your password, change “Ubuntu” to “Ubuntu Classic” using the session changer at the bottom of the screen.

Also, Windows users just got Firefox 4.0.1 which includes a lot of security fixes. While some of them are Windows-specific, Firefox 4.0.1 is still not yet available for Ubuntu Natty. This is something I think should be made available as quickly as possible. UPDATE: To Ubuntu’s credit, Firefox 4.0.1 came down today via update manager. :)

These are a few of the issues and annoyances I’m having with the Unity interface. Do you have any to share?

, , ,

2 Comments

Installing Skype on Ubuntu (or Debian) with updates for Skype URLs

This how to will show you how to install a Skype client in Ubuntu & Debian base operating system.

1. First of all you need to start up Synaptic Package manager. Go to System->Administration->Synaptic Package Manager

2. From Synaptic, go to Settings->Repositories. Click on Other  Software Tab. Check the box next to Canonical Partners.

3. Click Close, and Click ‘Reload’ at the top of Synaptic. Now you can locate Skype and install it from Synaptic or Ubuntu Software Center.

Now to install skype-action-handler to handle skype: URLs:

Download and install the Skype Action Handler
http://search.cpan.org/~ecarroll/Net-DBus-Skype-0.02/script/skype-action-handler (direct download link) and extract.

In a console, navigate to extracted files directory and run these as root:

perl Makefile.PL
make
make test
make install

For Mozilla (Firefox)
* Open Mozilla (Firefox)
* Type about:config in the address-bar to open the configuration editor.
* Use the scroll bar to navigate to the network.protocol… section.
* Check if the network protocol section includes a network.protocol-handler.app.skype key.
* If a key exists, edit it. If no key exists, create a key by right-clicking on any key and selecting New -> String from the pull-down menu.
* Enter network.protocol-handler.app.skype as the key name.
* Enter /usr/local/bin/skype-action-handler as the key value.

### For GNOME-aware browsers (Epiphany, Firefox 1.5)
Run the following two commands:

/usr/bin/gconftool-2 -s -t string /desktop/gnome/url-handlers/skype/command '/usr/local/bin/skype-action-handler "%s"'
/usr/bin/gconftool-2 -s -t bool /desktop/gnome/url-handlers/skype/enabled true

Thats it – Test Call should work in Firefox. UPDATE: Except, it doesn’t work here. I can’t give you a valid link because WordPress keeps eating it. :\ But, try this yourself in an html file:

skype:echo123?call

To undo the above gconftool key changes, you may run the following:

gconftool-2 --recursive-unset /desktop/gnome/url-handlers/skype

Original post by thestudio53 at http://blogs.skype.com/linux/2006/08/making_skype_links_work.html. Rewritten with updates for Ubuntu 10.04 and information from http://ubuntuforums.org/showthread.php?t=449543

Questions, comments, and feedback are welcome. Please share your experience with this so I can improve the guide. Thank you.

, , , , ,

11 Comments

LastPass Toolbar Black and Unreadable in Firefox

I’ve been in contact with the LastPass team regarding an issue where the LastPass toolbar pop-up is completely blacked out and the text is not readable in Firefox.

lp_toolbar_black

Click for larger image

After some troubleshooting, what I found what that it’s related to the Ubuntu theme.

I was able to reproduce the issue using both Ambiance and Radiance, but the issue went away changing to any other theme.

Themes are accessible by going to System > Preferences > Appearance.

UPDATE: It seems that this is specifically related to the tooltip background color.

Going to Theme > Customize > Colors and changing the tooltip background color solves it.

1 Comment

Ubuntu / Firefox / Incorrect font display (wrong style, no bold, no underline, etc)

Users of Ubuntu and Firefox may notice after installing some applications that fonts no longer appear correctly in Firefox (though they may appear correctly in some Java, etc, apps). Such issues include:

  • No bold
  • No other styles (italics, etc)
  • Wrong font / size

This seems to happen when the packages ttf-symbol-replacement and ttf-tahoma-replacement are installed. Simply uninstalling these two packages should resolve the issue.

,

Leave a comment

Flash does not respond to user input (Ubuntu 64-bit, Adobe Flash, Compiz)

You will find that if you are running the 64-bit version of Ubuntu and installed flashplugin-installer or flashplugin-nonfree, that flash controls in Firefox do not work when Compiz is enabled. To fix this, install Adobe’s 64-bit flash plugin.  Credit goes to http://ubuntuforums.org/showthread.php?t=1319541 (March 14th, 2010) for the solution that worked for me:

sudo apt-get remove flashplugin-installer flashplugin-nonfree mozilla-plugin-gnash
cd /tmp
wget 
tar xf libflashplayer-10.0.32.18.linux-x86_64.so.tar.gz
sudo mv libflashplayer.so /usr/lib/mozilla/plugins/

, , , , , , ,

Leave a comment