HTTPS Everywhere Available

The BETA version of HTTPS Everywhere has been released and is available as an Add-on for Firefox. This security Add-on encrypts your communications with many sites including: Google Search, Wikipedia, Twitter, Paypal and many others. For those folks who have worried about online banking this useful tool can make it a safe experience.

BrowserCheck

This Firefox add-on, which also works with other browsers such as Opera, Chrome and IE8, checks your installed browser plugins for outdated versions and allows you to easily download the newer version.

This security plugin to be a mini-Secunia PSI that just checks your plugins such as Adobe Flash, Shockwave Player and Quicktime. A very useful tool to do what normally is a very annoying job.

It is here: https://browsercheck.qualys.com

Gmail and WOT

If use the WOT Add-on for Firefox you may have noticed that the icons appear when you use Gmail not just when you use Google or Bing search engines. All those text advertisements are examined and catagorized as safe (green doughnut), questionable (yellow doughnut) or unsafe (red doughnut). Very nice!

Firefox Add-on Updates of Note

If you don't use these four Add-ons for Firefox (or Opera) then you suck:

Facebook Privacy Widget

This is a lovely Firefox Add-on that attempts to check and then offer to fix all your rogue Facebook settings. Krebs on Security reports on a study that found most of the Firefox crashes were do to crappy Facebook applications :(

Damn Yer Quiz, Facebook!

I thought Facebook was a means where by one could (virtually) keep in touch with loved ones, friends and colleagues? A place to share pictures and thoughts? Now it appears cluttered with quizzes, games and virus-filled applications. Yeech. Greasemonkey to the rescue!

What? Never used Greasemonkey? Hmmm . . . You do use Firefox, right? Check this previous post.

Firefox Plugs Microsoft Security Hole

If you use Firefox (and you should, imho) you have probably already seen a pop-up alert informing you that it is blocking Microsoft`s .NET Framework Assistant and Windows Presentation Foundation add-ons that were stealthily installed by Microsoft earlier this year.

This hole was supposed to have been fixed earlier by having users edit the Windows registry - but this idea stunk because editing the registry is potentially dangerous. Microsoft later released a simple point and click removal tool - except this left behind the Windows Presentation Foundation plug-in which is what was just killed by Mozilla.

So, the confusion up to now has been addressed by both Mozilla and Microsoft to remove both nasty bits. Whew!

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

The Ultimate Greasemonkey Script

Oh baby! Where have you been all my life!

Greasemonkey has always been a killer add-on for Firefox. Little scripts that work within Firefox to address many of the issues folks have with various websites. Simple things like adding easy to print pages to sites that have so many graphic ads that printing was a paper and ink nightmare.

The problem was that one had to go to the giant repository of Greasemonkey scripts at Userscripts.org search for the one that might address your specific problem and install it.

Well, a new script called Greasefire does all this for you. Once installed the Greasemonkey icon appears, in a slightly different form then you are used to, in the Firefox taskbar.

From then on if you browse to a site that any Greademonkey scripts that are related to it the icon turns a lovely shade of red.

If you then right-click on the icon it will further inform you of how many scripts are available. In this case our example shows the enormous number of scripts available at the uber-geek site slashdot.org.

Clicking on the top line (the one indicating how many scripts are available) opens up a window giving descriptions of the scripts. Clicking the giant grey button on the right towards the bottom initiates the usual Greasemonkey install routine.

So, if you have not yet installed Greasemonkey and Greasefire get thee hence to Userscript.org and help yourself to some great Add-ons.

Firefox Greasemonkey Targeted

A new type of malware that collects passwords for banking sites is in the wild. In this instance it only targets Firefox browser through the popular Greasemonkey script. The malware uses JavaScript to identify some 100 financial web sites (including PayPal). It then harvests logins and passwords which are forwarded to a server in Russia.

So, short of disabling or uninstalling Greasemonkey your best defence is the usual: do not download anything, including Firefox add-ons, from any site other than Mozilla's, do not visit dubious sites located in dubious domains (such as .ru) and always have your firewall, anti-virus, router and brains active ;)

Aardvark

Website Problem Cured With Greasemonkey

A very interesting follow-up post today on Boing-Boing shows the power of the Firefox Greasemonkey extension. Yesterday the comment was bemoaning the ugly look and crappy interface at a US Library of Congress site. In the space of 24 hours a chap threw together a Greasemonkey script that fixed the problems.

Reminderfox

Very nice, simple reminder/calendar extension for those who need small and useful NOT large and pointless.