LinuxQuestions.org

Slackware-13.37-Hacks-Firefox 5 Hardening

Posted 07-01-2011 at 10:21 PM by arniekat

Mozilla-Firefox 5 Hardening

The current version of Firefox for Slackware 13.37 is mozilla-firefox-5.0 from the patches directory. Always use the latest version to get the latest security updates. Also, having a HOSTS file will block banners, ads, 3rd party cookies, hijackers and webbugs. The tutorial for the HOSTS file is listed separately.

See http://winhelp2002.mvps.org/hosts.htm

If you want to play Flash content, compile and install flash-player-plugin (10.3_r181) from SlackBuilds.org. I installed the plugin, then visited the Adobe Flash website so Adobe Flash will store a cookie on my computer. The Better Privacy extension is then used to secure Flash and delete the Flash cookies. More on that below.

Firefox Settings - These are the settings/addons I use for my Desktop. Remember that enhancing security means giving up some convenience and features, so adjust as necessary for you.

Go to Edit--Preferences

Click on the "Privacy" Tab

CHECK Tracking > Tell websites I do not want to be tracked

History > Firefox will Never Remember History

Click "Clear All Current History" and a new dialog box will appear.
Time Range to Clear: Everything
Select all the boxes shown below and hit the "Clear Now" button
CHECK Browsing & Download History
CHECK Form & Search History
CHECK Cookies
CHECK Cache
CHECK Active Logins
CHECK Site Preferences

Location Bar > When using the Location Bar, suggest: Nothing

Click the "Security" Tab

Passwords > Remember passwords for sites UNCHECK

Click the "Advanced" Tab

General Tab > Browsing > Check my spelling as I type UNCHECK
General Tab > System Defaults > Always check to see if Firefox is the default browser on startup UNCHECK
Update Tab > Automatically check for updates to: Firefox UNCHECK
NOTE - Since you get your updated packages from Slackware, you don't need to check the Mozilla Website.
Update Tab > Automatically check for updates to: Add-ons UNCHECK
Update Tab > Automatically check for updates to: Search Engines UNCHECK

Click "Close"

The addons for Firefox are located at https://addons.mozilla.org/en-US/firefox/. You can also go to Tools--Add-ons from Firefox or use the shortcut CTRL+SHIFT+A. You can install any of the following addons or all of them. These are the ones I use. When you click "Add to Firefox", a bar may come up at the top stating "Firefox prevented this site (addons.mozilla.org) from asking you to install software on this computer." You need to click "Allow" if you want it to continue. If you use the Tools--Add-ons menu entry to get these extensions, you can just click the "Install" button.

No Script 2.1.1.1 06/13/2011
http://noscript.net/
NoScript allows you to disable Adobe Flash and JavaScript on a per-website basis. It also has an anti-XSS filter and anti-Clickjacking protection. After restarting Firefox, you can change the Preferences, but I leave the defaults. Next to the URL Bar, you will see an "S". Put your cursor on the "S" and you can change the security setting on a webpage-by-webpage basis, such as your Banking or Stock Broker website, etc. I usually set it as "Allow all this page" for the sites I frequent.

BetterPrivacy 1.51 05/25/2011
http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm
NOTE - If you are going to use the flash-player-plugin-10.3_r181 from SlackBuilds.org, be sure to compile, install it, and visit a site with Adobe Flash videos so the directories will be created. Do this before you install the Better Privacy plugin.
Adobe Flash cookies are called Local Shared Objects (LSO) and they are stored on your computer by the Flash Plugin. If you have the Flash Plugin, you will have these so-called "Super Cookies". Even if you set Firefox to delete cookies, Flash cookies will not be deleted. That is where Better Privacy comes in. It will delete these "Super Cookies" to keep others from tracking you. Better Privacy will also protect you from "DOM Storage" long-term tracking. After I install the Better Privacy extension, restart Firefox and go to Tools--Better Privacy. A Better Privacy dialog box will come up and I make the settings as follows:

At the LSO Manager Tab, under the Flash-Data Directory, you should see /home/<username>/.macromedia (this is where your Flash Cookies are stored). Flash cookies have the extension *.sol. You will see a settings.sol cookie and whatever other Flash Cookies are on your machine.

LSO Manager Tab > Click on Remove All LSO's

Options & Help Tab > Delete Flash Cookies on Firefox Exit CHECK
Options & Help Tab > Delete Flash Cookies on Firefox Exit > Always Ask UNCHECK
Options & Help Tab > Delete Flash Cookies on Application Start CHECK
Options & Help Tab > Also delete flashplayer default cookie. It stores flashplayer settings as well as all visited flash sites! CHECK
Options & Help Tab > On cookie deletion, also delete empty cookie folders CHECK
Options & Help Tab > Disable ping tracking CHECK

Click "OK" when you have changed the settings.
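
To confirm that these settings really leave no Flash cookies behind, the following shell script (an added example, not part of the original post or of BetterPrivacy) lists every *.sol file under the Flash data directory and counts site cookies separately from settings.sol. The function names are made up for this example; the only things taken from the post are the ~/.macromedia location and the .sol extension.

```shell
#!/bin/sh
# Added example: audit Flash Local Shared Objects (*.sol files).
# Function names are hypothetical; pass another directory as $1 to
# audit something other than ~/.macromedia.

# list_lso DIR: one line per LSO, "<kind> TAB <bytes> TAB <path>".
# kind is "settings" for settings.sol and "site" for any other *.sol.
list_lso() {
    dir=${1:-"$HOME/.macromedia"}
    [ -d "$dir" ] || return 0          # no Flash directory: nothing to list
    find "$dir" -type f -name '*.sol' | sort | while IFS= read -r f; do
        case ${f##*/} in
            settings.sol) kind=settings ;;
            *)            kind=site ;;
        esac
        size=$(wc -c < "$f" | tr -d ' ')
        printf '%s\t%s\t%s\n' "$kind" "$size" "$f"
    done
}

# count_lso DIR [KIND]: number of LSOs, optionally of one kind only.
count_lso() {
    if [ -n "${2:-}" ]; then
        list_lso "$1" | awk -F '\t' -v k="$2" '$1 == k' | wc -l | tr -d ' '
    else
        list_lso "$1" | wc -l | tr -d ' '
    fi
}

# lso_clean DIR: succeeds only when no LSO of any kind is left.
lso_clean() {
    [ "$(count_lso "$1")" -eq 0 ]
}

# lso_report DIR: print the listing followed by a one-line summary.
lso_report() {
    list_lso "$1"
    echo "site LSOs: $(count_lso "$1" site)," \
         "settings.sol files: $(count_lso "$1" settings)"
}

lso_report "${1:-}"
```

Run it once after browsing a Flash site and again after closing Firefox; with the delete-on-exit and default-cookie options checked as above, the second run should report zero for both counts.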

Ghostery 2.5.3 07/01/2011
http://www.ghostery.com/
Ghostery detects web bugs and other tracking technologies and also allows you to see which companies have placed bugs on the webpage you are visiting. With Ghostery, you can learn about the company in question or just block the scripts, images and IFrames for your privacy.
After you install the Ghostery extension, you will get a browser webpage which is the Ghostery Configuration Wizard. I make the settings as follows:

Click "Get Started"

GhostRank UNCHECK
Click "Next"

Enable Alert Bubble CHECK (this will show you the websites with bugs on your webpage)
Click "Next"

Enable Library Auto Update CHECK (this will update the list of companies with webbugs automatically)
Click "Next"

Enable Blocking (and block all known trackers) CHECK
Enable Cookie Protection (Experimental) UNCHECK
You will now see another dialog box which has a list of approx 518 bugs and 345 cookies. Check the top box to select all known bugs. I don't select the cookies since it is still experimental, but this is your choice.
518 bugs (check to block, click for more info) CHECK
Click "Next" and then you are finished with Ghostery configuration.

Adblock Plus 1.3.8 07/01/2011
http://adblockplus.org/
AdBlock Plus blocks adverts and banner ads. After you install the Adblock Plus extension, a webpage will open up which is the Adblock Plus Configuration Wizard. I make the settings as follows:

The Filter Subscription is required as it contains a list of the most common adware and banner sites. You can use the drop-down box to select a different subscription, but in my case I left the default "EasyList (English)".
Click "Add Subscription"

At the lower left-hand corner of the browser, you will see a red octagon with the letters "ABP". You can left-click to see a menu that allows you to change preferences or see all the blocked items or even to turn off Adblock Plus for this webpage, etc.

Web of Trust - Safe Browsing Tool 20110323
http://www.mywot.com/
Web Of Trust shows you which websites you can trust by means of a traffic light type of system. You can also participate by rating websites yourself; your ratings get sent back to the Web Of Trust developers for inclusion in the tool.

Green = Safe
Yellow = Caution
Red = Stop

After installing it, you will need to accept the EULA if you want to use it.

You will now be at the WOT Settings webpage. You can select from one of the three following levels of protection:

1. Basic (recommended)
* Rating icons shown for sites
* Search results ratings shown in a popup

2. Light
* Ratings are only shown for poorly rated sites
* No popups

3. Parental Control
* Blocks access to sites that are not kid-friendly
* May cause slight delay in browsing

I keep the "Basic" Setting
Click "Next"

Now you are asked to register to get access to all the features. I choose not to register and click the X (Close) in the upper right-hand corner to close the dialog box. If you click "Finish" you will be nagged about the registration fields being empty.

When you are browsing the web, you will see the website ratings to the left of the URL. Left-click on the WOT button to see all the ratings of the webpage in question.

Cookie Monster 1.0.5 10/21/2010

Use Steve Gibson's site to check your browser's cookie storage policy
http://www.grc.com/cookies/forensics.htm?fge1u3320smeo

Firefox does not have a way to delete 3rd Party Session and 3rd Party Persistent Cookies which means these could potentially be stored on your computer.

Cookie Monster provides cookie management on a site or domain-level basis and it also includes 3rd party cookie management functions. After installing this plugin, you will see a "CM" at the lower right-hand corner of the browser. The default is to accept cookies. This tool is used to block websites from storing cookies you don't want. Left-click the "CM" button, select:

View Cookies > Show cookies for all sites
You can see all the cookies on your machine and delete them if you wish.
Remember that some sites may not function correctly if you disable the cookies!

When I used GRC's site to check my cookie status, these two actions block the cookies:

1st Party Session And Persistent Cookies
Left-click CM Icon > Cookie access (Site Level) > Reject cookies from www.website.com

3rd Party Session And Persistent Cookies
Left-click CM Icon > Third-Party Cookies > Reject cookies from www.somethirdpartywebsite.com