Tagged: Firefox

0 Day Java Exploit. How to disable Java in your browser.

A JRE exploit has reportedly hit the wild. Context here.  Some kind Redditor has posted instructions on disabling the JRE in various browsers:

  • In Firefox : Press Firefox button -> Add-ons, go to Plugins and click the “Disable” button next to anything named “Java”.
  • In Chrome : Type in: “chrome://plugins/” into the address bar (no quotes). Scroll down to Java and click disable.
  • In Opera: Type in “opera:plugins” into the address bar (no quotes). Scroll down to:
    • Java(TM) Platform <click on> Disable.
    • Java Deployment Toolkit <click on> Disable.
  • In Internet Explorer:
    • Disable UAC (if enabled) and restart.
    • Open the Java app in Control Panel.
    • Go to advanced tab.
    • Expand Default Java for browsers.
    • The checkbox next to IE is grayed out.  Select Microsoft Internet Explorer and press spacebar. Click OK.
    • You can re-enable UAC and restart now.

 

Return to Chrome

I used Chrome occasionally in the past.  I liked its speed but, at the time, was put off by its lack of customization.  I couldn’t surf without FireFox and its AdBlocking, XMarking, LastPassing, NoScripting powers.   Visiting the web without them was a jarring experience, akin to watching “real” television – like commercials, I’d gone so long without intrusive ads, popups, hijacks and javascript silliness that I forgot they’re out there.  And oh boy are they.

Fast forward a bit.  XMarks announces it’s going under.  Sadness ensues.  Switch to FireFox sync.  Fast forward a bit more.  FireFox begins releasing its beta builds of FF4.  Sync is built in.  4 seems delicious – and then I tried to manage my bookmarks.  Slow.  Painfully, mind numbingly slow.  Inoperable, in fact.  It seems that FF4 uses SQLite for its bookmark containment, and everything went into the shitter as of SQLite 3.7.x.

Meanwhile LastPass purchased XMarks (probably for a song, having waited until the 11th hour to do so) and Chrome has since opened up, finally supporting 3rd party plug ins.  Time to try again!

So far, so good.  Word of warning, however.  If you configure data sync in Chrome (Options > Personal Stuff > Sync) and you install XMarks, the two services will begin a bloody battle, duplicating and triplifrying your bookmarks.  From what I’ve sussed both of them insert a unique bit of unseen markup to each bookmark, effectively making them unique again and again and again.  Like this:

Xmarks: Hey!  I found a bookmark!  I’ll sync it and slip a date string in it!

GSyng: Hey! I found a bookmark with a funny date string in it!  It must be new – I’ll sync it and put my own bit of something in it!

Xmarks: Hey!  I found a bookmark that’s startlingly similar to the one I just synced, but it has a new little bit of something!  It must be different – I’ll add it and update its date.

GSync: Holy cow!  There’s a familiar looking bookmark – but that funny date string is different.  I should totally add that!

…and so on and so forth.  Long story short, only use one bookmark sync method lest you wind up like me, writing a script to identify and strip duplicates from your 5000 item large bookmarks list.

Safe(r) Surfing

I don’t do a whole lot online that really warrants anonymity, but I still don’t care for the idea of being watched.  Further, I’m no fan of the growing trend of linking logins, such as the ubiquity of Facebook, or of browser tracking.  Just because I’m not doing anything wrong doesn’t mean I don’t want privacy.  Regardless of the existence of darknets and freenet I don’t think there’s a way to really hide online if the right (or wrong) people really want to find you – but there are definitely ways to make it more difficult.

  1. Use Firefox (or, conversely, Chrome) and not IE.
  2. Install the Adblock Plus addon for Firefox.
  3. Install the NoScript addon for Firefox.  This one’s a pain in the ass to initially configure, but soon you’ll get used to it and find approving (and not approving) sites will become second nature.  NoScript not only covers your tracks, it prevents other nasties like malicious code execution and cross-site scripting.  You’ll be amazed to see just how many connections you’re actually making when you hit a single site.
  4. Install and use HotSpot Shield, a free IPSec VPN solution that masks your originating IP address and encrypts your traffic.  Bonus:  although HSS is ad-revenue based, you’ll never see a single banner pushed from it if you have the aforementioned Adblock Plus installed.  Good times.

There are other paid options for online anonymity as well as TOR – which is almost unbearably slow in its default configuration, not to mentioned riddled with its own dark corners and dangers – but the above represents the easiest free as in beer way to cover some of your tracks online.

Firefox Browser Cache

FYI – to set Firefox to check for a new version of a page at every visit:

  • Enter about:config in the address bar
  • Change the value of browser.cache.check_doc_frequency to 1