Tag Archives: Firefox

End of Privacy: Herding Firesheep in Starbucks

There’s been a lot of talk about Firesheep, a free Firefox extension that collects data broadcast over an unprotected Wi-Fi network without using SSL. You turn it on, and by default it collects cookies for Facebook, Twitter and 24 other sites. Then you can sidejack the account and gain access under the acquired identity.

[…]

I thought I’d spread the word and help some laymen out after work. There’s a large Starbucks (SBUX, Fortune 500) near my apartment. I dropped in, bought some unhealthy food, opened my laptop and turned on Firesheep.

Less than one minute later, there were five or six identities sitting in the sidebar. Three of them were from Facebook.

via End of Privacy: Herding Firesheep in Starbucks – Dec. 14, 2010, h/t Schneier.

Internet Explorer Leads on Malware Security

Is it possible, that we will, one day, choose IE for its security features?

A malware security report by NSS Labs found Windows Internet Explorer 9 beta caught an “exceptional” 99 percent of the live threats, leading the non-IE pack by 80 percent. Mozilla Firefox 3.6 caught 19 percent of the live threats, down 10 percent from the NSS Labs test conducted in the first quarter of 2010. IE9’s protection includes SmartScreen URL filtering, which is included in IE8 as well as SmartScreen application reputation, which is new to IE9.

via Internet Explorer Leads on Malware Security: Report – Midmarket – News & Reviews – eWeek.com.

Adobe Flash Player on OpenSolaris

Getting Flash to work with Firefox on OpenSolaris was fairly simple.

NOTE – this installs the plugin for all users.

  1. First, download the Flash plugin package from Adobe – Adobe Flash Player.
  2. I prefer to unzip anything I’m about to install to /usr/src
    cd /usr/src
  3. Unpack the plugin
    sudo tar zxvf /path/to/flash_player_10_solaris_x86.tar.bz2
  4. Find the Firefox plugins directory
    find / -name plugins
  5. Copy the Flash library to that directory
    sudo cp flash_player_10_solaris_r45_2_x86/libflashplayer.so /usr/lib/firefox/plugins/
  6. Restart Firefox, and verify that Flash works.

AdBlock Plus on OpenSolaris with Firefox 3.1 Beta 3

While trying to install AdBlock Plus on Firefox 3.1, I encountered an error similar to this guy:

Firefox: Firefox could not install the file at ‘URL’ because: Signing could not be verified.

I was able to follow those steps, but with a bit of variation:

  1. Made a temp folder
    mkdir /tmp/adblock
  2. Get the extention (I copied the URL from the failed install error message):
    wget https://addons.mozilla.org/downloads/file/74835/adblock_plus-1.1.3-fx+sm+tb+fn.xpi?src=api --no-check-certificate
  3. Unzip the package:
    unzip adblock_plus-1.1.3-fx+sm+tb+fn.xpi
  4. The first bit of output showed the RSA file he looks for in Step 5:
    Archive:  adblock_plus-1.1.3-fx+sm+tb+fn.xpi
    inflating: META-INF/zigbert.rsa
  5. Search for the Certificate Authority info:
    mikes@nerdherd-opensol:/tmp/adblock$ strings ./META-INF/zigbert.rsa | egrep -i "sign|cert"
    "Secure Digital Certificate Signing1806
    $StartCom Verified Certificate Member1
    "Secure Digital Certificate Signing1)0'
    StartCom Certification Authority
    Limited Liability, read the section *Legal Limitations* of the StartCom Certification Authority Policy available at http://www.startssl.com/policy.pdf0c
    4http://www.startssl.com/certs/sub.class2.code.ca.crt0#
    "Secure Digital Certificate Signing1)0'
    StartCom Certification Authority0
    "Secure Digital Certificate Signing1806
    "Secure Digital Certificate Signing1)0'
    StartCom Certification Authority
    &http://cert.startcom.org/sfsca-crl.crl0'
    #http://cert.startcom.org/policy.pdf05
    )http://cert.startcom.org/intermediate.pdf0
    AStartCom Class 2 Primary Intermediate Object Signing Certificates0
    "Secure Digital Certificate Signing1806
  6. Unlike his Step 7, in Firefox / Preferences / Advanced / Encryption / View Certificates / Authorities, that cert wasn’t listed.  So I imported it.
  7. Click the Import button on the Authorities tab.  Browse to the /tmp/adblock/META-INF folder created when AdBlock was unzipped.
  8. Change the file type selector from Certificate Files to All Files; select zigbert.rsa; click Open.
  9. Check the box, “This certificate can identify software makers.”
  10. Click OK until enough dialog boxes are closed that you can re-try the AdBlock Plus install.

It then installed without issue.  Restart Firefox to enable the add-on.