Category Archives: security

Link

Kim Dotcom: Your Data Isn’t Safe on Mega

Link

Researchers develop astonishing Web-based attack on a computer’s DRAM

Link

Why the fear over ubiquitous data encryption is overblown

A small collection of Firefox add-ons you can install to improve (a little bit) your privacy – Part 3

In the past two years the EFF – Electronic Frontier Foundation – has released a couple of add-ons specifically created to improve your privacy when you are on Internet. Just for a quick information, EFF is a no-profit organization specialized in, but not only, the defense of privacy and free expression in the contemporary “world of emerging technologies”.

The first interesting EFF add-on is HTTPS Everywhere that forces websites to provide https webpages also when you (better: your browser) asked for a “common” HTTP connection to their servers. This happens automatically and you don’t usually notice any delay in your navigation speed. HTTPS Everywhere is a precious add-on because it improves the number of “secured” connections when you are on Internet and decreases the risks of information leaking during Internet navigation. Moreover, this add-on is available not only for Firefox but also for Chrome and Opera and, at the moment, could be considered as the most versatile and -simple to use- tool you have to increase the use of HTTPS navigation. HTTPS Everywhere could not be considered as a bullet-proof privacy guarantee but it really does what he promises. Last but not least, it seems that if you adhere to their anonymous data collection about usage, you can really help them to discover false HTTPS certification disseminated through the web and contribute to a safer Internet.

If you want a little bit of security and think that every website should allow to connect through HTTPS, you should try HTTP Nowhere that blocks all the unencrypted web communications. As for what we described for Flash add-ons (Flash Control and Flash Block) the level of security depends on your choice. HTTP Nowhere is a more “radical” choice but, i any case, it can be widely configured to your needs. For example it allows you to create a whitelist of HTTP websites that will be never blocked. Moreover HTTP Nowhere can be configured to visit .onion websites through TOR.

In any case don’t forget that HTTPS connections are only relatively more secure than HTTP ones. As someone commented, HTTPS effective privacy depends on Certificate Authorities reliability and seriousness and, in some cases, HTTPS could be easily eluded.

The other EFF add-on I’d like to focus your attention is the Privacy Badger . This add-on has the same goals of the most famous Ad Block or Disconnect but it works in a different way. In fact its work is not based of previously compiled list the needs to be updated frequently but on an heuristic examination of trackers behaviour. It could be considered “democratic” because it doesn’t automatically ban trackers at all but analyzes if they are looking for your web habits or they are “just” recording your passage in a specific website. In this last case the Privacy Badger will observe their behaviour during your next navigation and, if they persist to track you, it will label them with different colours (green to yellow to red) blocking them when they become too intrusive for your privacy. The PRO is that also a brand new tracker -never reviewed by security advisers- will be promptly discovered and neutralized but the CONS is represented by the fact that also the most known intrusive tracker will be initially allowed to register your habits.

For its intrinsic features, the Privacy Badger could be added to Firefox as an extra barrier to fight trackers and improve your privacy. In the next post we will examine other add-ons that can be matched with it.

Link

Hacking Team Malware Hides in UEFI BIOS to Survive PC Reinstalls – Softpedia

A small collection of Firefox add-ons you can install to improve (a little bit) your privacy – Part 2

1 Reply

I already described the privacy concerns related to Flash files in the my last post about Firefox add-ons and privacy. Today I want to talk about some interesting Firefox add-ons that could be helpful to reduce privacy risks during Internet navigation.

The first add-on is Flash Control that “controls as and when to display the Flash player and the HTML5 player”. Another similar add-on is Flashblock that does not allow Flash player to send information about your computer until you will decide to allow it. Personally I prefer Flash Control that is very intuitive and you decide when and what to watch just clicking on the Flash icon in the middle of the player.

But, if you are a purist and you want to be able to control not only Flash player but also Javascript, SilverLight, images and proxies, QuickJava is what you are looking for. QuickJava is intuitive, easy to control and really effective.

In fact, you must not underestimate Javascripts that are dangerous too if you think that they are equally able to remotely discover many information about your Ip, User-Agent, Architecture, OS Language, System Time, Screen Resolution. Statistically, when you have all these details, you have semi-unique fingerprints of the computer… and so someone could be also able to know who are you. For this reason an add-on as Disable WebRTC is recommended because it blocks JavaScripts to access your local IP(s), without any user prompt.

References:

https://discourse.mozilla-community.org/t/support-flash-control/2479

http://flashblock.mozdev.org/

http://quickjavaplugin.blogspot.com/

https://addons.mozilla.org/it/firefox/addon/happy-bonobo-disable-webrtc/?src=api

Link

Post-Quantum Encryption No Longer A Laughing Matter

Link

Firefox’s tracking cookie blacklist reduces website load time by 44%

Once again about cookies, supercookies and Flash cookies… How to better protect Firefox, your Linux OS and.. you!

Leave a reply

In a previous post I already suggested to use HTTPS Everywhere and HTTPS Finder to better protect your privacy on the web. Today I would like to focus your attention on the privacy risks caused by cookies.

Some of them can track your internet activity also when you have logged off from the websites that created them. In few words, some cookies can actively support the creation of a quite punctual profile of your interests and share these information with third parties without you know if your data will be anonymised and correctly stored.

Internet tracking is actual and silent and antivirus software are not the best solution to manage them because every day new types of apparently harmless cookies and supercookies are created and spread into our computers. Cookies usually don’t directly affect your internet browsing but they are a real risk if you want to protect your privacy. A good VPN service (e.g. one that does not link your payment to your “new” assigned VPN IP) could be the best solution but flash cookies, evercookies (a particular type of zombie cookies which are able to geometrically clone themselves outside the original folder where they were stored) could reveal your IP and your habits, just after you disconnect your OS from the VPN shield.

To improve your privacy you can start to combine your VPN with some particular Firefox add-on as Self-Destructing Cookies (for the regular cookies) and BetterPrivacy which has been developed to “search and destroy” Flash cookies.

To improve your privacy, never forget that you can tune your Firefox Privacy settings also using Secure Sanitizer which wipe the browser cache in a stronger way than Firefox itself.

Last but not least, don’t forget to “waste” some minutes of your time and use BleachBit after every internet session or every time you shutdown your computer. Better to be slow than sorry!