Tag Archive for: firefox

Firefox 4 and Two Quick Tips

24 Mar 2011
March 24, 2011

By now you’ve no doubt heard that Firefox 4 was released last week. I had used it through a few beta and release candidate releases and like it a lot. Here are a couple small tips that I thought I’d share. One specific to XP and the other to Windows 7 (and Vista?).

Firefox 4 on XP tip

At first, I wasn’t a huge fan of the redesigned menu but I’ve grown to like it, especially the amount of space it doesn’t take up. Here’s what it looks like on a Windows 7 machine:

Firefox 4 Menu on Windows 7

When I first installed it on my little XP laptop I was initially appalled. The bar was gone! Blah, it looked like the previous release:

Firefox 4 on XP -- old style menu

Fortunately, this is easily fixed. To get the snazzier menu, just go to View –> Toolbars and uncheck the “Menu Bar” option. Presto – problem fixed.

Firefox 4 on XP -- new style menu

Windows 7

When hovering over Firefox in the task bar, wouldn’t it be nice if it would show a thumbnail of all tabs, not just the current one? I sure thought so – and turns out it is just a checkbox away (assuming, of course, your operating system supports it).

Just go to Options and then the Tabs tab. Check the bottom option:

Firefox 4 - Show tab previews

Now hover over Firefox in the task bar:

Firefox 4 tab previews

From there you can click the tab you want to go to or even close them by hitting the little red “x”.

Search from the Address Bar

Bonus tip!

I’m not sure if this is a published feature or not, but I’ve noticed that I can type keyword searches straight into the address bar – instead of the search box – and it takes me to a Google search for those words. You know, like Chrome?

This doesn’t seem to be specifically listed on the Firefox Features page, but I sure like it. Also makes me think I could probably remove the search box altogether…

Facebook over SSL

28 Jan 2011
January 28, 2011

A few months ago I mentioned the firesheep extension for Firefox. This is a nifty/scary little critter that does some potentially scary stuff with respect to your social networking accounts.

Back when I wrote that post I mentioned one good way to protect yourself is to ensure you’re using SSL (https) when browsing the vulnerable sites.

This week the Facebook blog announced a new security option to force SSL when visiting your Facebook pages.

Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the “Account Security” section of the Account Settings page.

Sadly, it isn’t on by default, but it is very simple to turn it on – I encourage all Facebook users to do so – especially if you’re using Facebook while “on the go” via open wireless networks. But even if you’re not using wifi, it is still a good practice to follow.

One welcome side-effect? FB chat now works over SSL. Up until this release, that never worked for me.

Firesheeple

31 Oct 2010
October 31, 2010

I’m a bit late to the party, but have you heard about Firesheep yet? It is an interesting Firefox plugin that makes what used to take a few keystrokes very very easy.

After installing the extension you’ll see a new sidebar. Connect to any busy open wifi network and click the big “Start Capturing” button. Then wait.

As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:

Double-click on someone, and you’re instantly logged in as them.

That’s it.

Chilling, yes?

The key there is “open wifi” network. Mostly (more on that down below).

See, too many sites have people log into their accounts using SSL but then let them use the site without necessarily staying with SSL. This allows you to get your HTTP cookie hijacked – also known as “sidejacked” – and if someone can snag that cookie they can become you on that site.

Brief note: Sidejacking is nothing new. I want to clarify that what makes Firesheep interesting is how easy it makes it.

Now I, personally, never use open wifi networks but this still has caused me to make a few changes to some of my saved bookmarks. For instance, I’ve updated all my Facebook bookmarks to be over SSL (changed them to https://www.facebook.com to be specific). (Facebook is just one example here, I’m not picking on them alone.) I’ve done the same for a few other key sites that I noticed were back to http after I signed in.

If I don’t use open wifi, why do I care? Two reasons really:

  1. While sidejacking is nothing new, Firesheep definitely makes it very easy to play with. The bar to entry is one the floor.
  2. If it works so well over open wifi I can’t help but wonder if it would work just as well with an ethernet hub. Suppose I put a hub on the office network between the firewall and the switches. Now, suppose I plug in my Firesheep equipped machine into that same hub. hey presto, I’m seeing all the traffic, just like open Wifi right? I have lots of old hubs – and I bet I’m not the only one.That scenario scares me a little.

If you can, run your traffic over SSL. While visiting your commonly used sites (that involve login credentials) see what happens when you change the http to an https. As Steve Gibson suggested in “Why Firesheep’s Time Has Come” (worth a read) you might consider the Firefox extensions of HTTPS Everywhere or Force-TLS.

A quick search for Chrome equivalents didn’t turn anything up so I’m open to suggestions there.

Oh, and if you have to use open wifi networks (Starbucks is often mentioned) and you have sites that don’t let you stay SSL you might be interested in FireShepherd. Kinda hardcore in a good way. [hat tip to Security Monkey on that one]

I Want Some Tab Candy

23 Jul 2010
July 23, 2010

I was starting to fear that only Google was innovating in the browser space, but this Tab Candy intro video shows that Mozilla is definitely still in the game. Check it out: