LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Blogs > arniekat
User Name
Password

Notices

Rate this Entry

Slackware-13.1-Hacks-Firefox Hardening

Posted 02-13-2011 at 09:55 PM by arniekat

Mozilla-Firefox Hardening

The current version of Firefox for Slackware 13.1 is mozilla-firefox-3.6.13 from the patches directory. Always use the latest version to get the latest security updates.

If you want to play Flash content, compile and install flash-player-plugin (10.3_d162) from SlackBuilds.org. The older versions had some serious security issues. I installed the plugin, then visited the Adobe Flash website so Adobe Flash will store a cookie on my computer. The Better Privacy extension is used to secure Flash and delete the Flash cookies. More on that below.

Firefox Settings - These are the settings/addons I use for my Desktop. Remember that enhancing security means giving up some convenience and features, so adjust as necessary for you.

Go to Edit--Preferences

Click on the "Privacy" tab
History > Firefox will Never Remember History
Click the Clear All Current History and select all the boxes and hit the "Clear Now" button
Location Bar > When using the Location Bar, suggest Nothing

Click the "Security" tab
Passwords > Remember passwords for sites UNCHECK

Click the "Advanced" tab
General > Browsing > Check my spelling as I type UNCHECK
Update > Automatically check for updates to Firefox UNCHECK
NOTE - Since you get your updated packages from Slackware, you don't need to check the Mozilla Website.

Click "Close"

The addons for Firefox are located at https://addons.mozilla.org/en-US/firefox/ You can install any of the following addons or all of them. These are the ones I use. When you click "Add to Firefox" a bar comes up at the top stating "Firefox prevented this site (addons.mozilla.org) from asking you to install software on this computer." You need to click "Allow" if you want it to continue.

No Script 2.0.9.7
http://noscript.net/
No Script allows you to disable Adobe Flash and Java Script on a per-website basis, it also has an anti-XSS filter and anti-Clickjacking protection. After restarting Firefox, you can change the Preferences, but I leave the defaults. On the lower right-hand corner of the browser, you will see an "S". Put your cursor on the "S" and you can change the security setting on a webpage-by-webpage basis, such as your Banking or Stock Broker website, etc. I usually set it as "Allow all this page" for the sites I frequent.

BetterPrivacy 1.48.3
http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm
Adobe Flash cookies are called Local Shared Objects (LSO) and they are stored on your computer by the Flash Plugin. If you have the Flash Plugin, you will have these so called "Super Cookies". Even if you set Firefox to delete cookies, Flash cookies will not be deleted. That is where Better Privacy comes in. It will delete these "Super Cookies" to keep others from tracking you. Better Privacy will also protect you from "DOM Storage" longterm tracking.
After I install the Better Privacy extension, I make the settings as follows:

At the Addon dialog box, select Better Privacy Addon, then Preferences
At the LSO Flash-Data Directory you should see /home/<username>/.macromedia (This is where your Flash Cookies are stored)
I usually visit a Flash Site after installing the Flash Plugin so these directories will be created and then I use Better Privacy to delete them. Flash cookies have the extension *.sol You will see a settings.sol cookie and whatever other Flash Cookies are on your machine. The follwing will remove all the Flash cookies.

LSO Manager Tab > Click on Remove All LSO's

Options & Help Tab > Delete Flash Cookies on Firefox Exit CHECK
Options & Help Tab > Delete Flash Cookies on Firefox Exit > Always Ask UNCHECK
Options & Help Tab > Delete Flash Cookies on Application Start CHECK
Options & Help Tab > Also delete flashplayer default cookie. It stores flashplayer settings as well as all visited flash sites! CHECK
Options & Help Tab > On cookie deletion, also delete empty cookie folders CHECK
Options & Help Tab > Auto delete DOMStorage file CHECK
Options & Help Tab > Disable ping tracking CHECK

Click "OK" when you have changed the settings.

Ghostery 2.4.2
http://www.ghostery.com/
Ghostery sees web bugs and other detecting tracking technologies and also allows you to see which companies have placed bugs on the webpage you are visiting. With Ghostery, you can learn about the company in question or just block the scripts, images and IFrames for your privacy.
After you install the Ghostery extension, you will get a dialog box which is the Ghostery Configuration Wizard. I make the settings as follows:

Click "Get Started"
GhostRank UNCHECK
Click "Next"
Enable Alert Bubble CHECK (this will show you the websites with bugs on your webpage)
Click "Next"
Enable Blocking (and block all known trackers) CHECK
You will now see another dialog box which has a list of approx 340 bugs. Check the top box to select all known bugs.
340 bugs (check to block, click for more info) CHECK
Click "Next" and then you are finished with Ghostery configuration.

Adblock Plus 1.3.3
http://adblockplus.org/
AdBlock Plus blocks adverts and banner ads.
After you install the Adblock Plus extension, you will get a dialog box which is the Adblock Plus Configuration Wizard. I make the settings as follows:

The Filter Subscription is required as it contains a list of the most common adware and banner sites. You can use the drop-down box to select a different subscription, but in my case I left the default "EasyList (English).
Click "Add Subscription"

At the upper right-hand corner of the browser near the Search Engine, you will see a red octagon with the letters "ABP". You can left-click to see a menu that allows you to change preferences or see all the blocked items or even to turn off Adblock Plus for this webpage, etc.

Web of Trust - Safe Browsing Tool 20100908
http://www.mywot.com/
Web Of Trust shows you which websites you can trust by means of a traffic light type of system. You can also participate by rating websites yourself which get sent back to the Web Of Trust developers for inclusion in the tool.
Green = Safe
Yellow = Caution
Red = Stop
After installing it, you will need to accept the EULA if you want to use it.

You will now be at the WOT Settings dialog box. You can select from one of the three following levels of protection:

1. Basic (recommended)
* Rating icons shown for sites
* Search results ratings shown in a popup

2. Light
* Ratings are only shown for poorly rated sites
* No popups

3. Parental Control
* Blocks access to sites that are not kid-friendly
* May cause slight delay in browsing

Click "Next"

Now you are asked to register to get access to all the features. I choose not to register and click the X in the upper right-hand corner to close the dialog box. If you click "Finish" you will be nagged about the registration fields being empty.

When you are browsing the web, you will see the website ratings to the left of the URL and to the right of the Home button. Left-click on the WOT button to see all the ratings of the webpage in question.
Posted in Uncategorized
Views 4639 Comments 2
« Prev     Main     Next »
Total Comments 2

Comments

  1. Old Comment
    there are also java settings a user can set. I believe you could have a LSO in java code cached on your computer.

    Open jcontrol (Java Control Panel)

    General Tab > Temporary Internet Files box > Settings
    Uncheck Keep temporary file on my computer


    under the Advanced Tab > Security Section there seems to be some useful settings for the extra paranoid. As well as JRE Auto-Download
    Posted 02-14-2011 at 10:23 AM by lumak lumak is offline
  2. Old Comment
    Thanks for sharing the add on list. Never seen Ghostery before but going to give it a try.
    Posted 06-19-2011 at 04:36 AM by hyperhead hyperhead is offline
 

  



All times are GMT -5. The time now is 03:14 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration