Today I want to tell you about a great application for mozilla browsers called NoScript. This application can make your browsing safer by giving you control over what sites use your plugins, provides a great Anti-XSS protection, and can block/disable many annoying banner adds.
What is XSS protection? Cross Site scripting (XSS) can be used to create phishing attcks, fake websites that look real, by exploiting vulnerabilities. You can read about it here:
http://en.wikipedia.org/wiki/Cross-site_scripting
This is a free addon that has received many great reviews. I use it and am very pleased. It does takes a little getting used to. For instance, if you are trying to click a link or the page looks weird, remember that you have NoScript enabled. You will have to "allow" the link to work or page to load correctly. This is easy enough though. A right click on the mouse will reveal a NoScript option. You can read more about it and download it for free here:
http://noscript.net/
The function of NoScript is safety. It is not an ad blocker. Blocking adds is just a by product of it not allowing many scripts. If you are looking for somthing that is primaraly for ad blocking I would recomend Adblock Plus. You can add it to firefox with your addon manager or you can find it here:
https://addons.mozilla.org/en-US/firefox/addon/1865
Once it has installed it will ask you to apply filters, just click cancel and then go to this site to get the filiters directly:
http://easylist.adblockplus.org/
Just click the three packeges and the install is easy. Now, for facebook ads you need to go to this site and just follow the instructions. Its easy and takes 2 sec. You already have the Adblocker Plus instailed so you can skip to step 4.
http://ausbury.wordpress.com/2008/07/02/block-facebook-ads-in-firefox/
There you have it. No more provocitive or annoying adds on your computer. I hope that this was helpful and feel free to leave a comment.
Thursday, 31 July 2008
Monday, 21 July 2008
Privacy Please? part V
Its time to end this. Using all of these ideas will not guarantee you autonomy or privacy but it won’t hurt. Just browse smart and know that there are people out there who want to take advantage of you. Get into good habits. Some things that I do is set ALL my internet history to delete after each session, run my antivirus and spyware every night while I sleep, and use TOR when I post on this blog so none of you crazies could find me. Here are two good sites. The first is full of great reviews on freeware, the second is a pod cast done by some crazy smart people about general computers and security what nots.
http://www.techsupportalert.com/
https://www.grc.com/securitynow.htm
Also, being aware of laws and litigation relating to internet privacy is always a good thing. Let your senator/governor/president know that you care about your rights. One topic that’s still hot is Net Neutrality. Check it out: http://www.savetheinternet.com/
Thanks for reading. Hope you guys enjoyed the little series and learned something. Let me know what you think and if you have any questions I’ll do my best to answer them. Add to the noise of the 21st and leave me a comment!
Privacy Please? part IV
On the first part of this series, I talked about how email can get sent through tons of computers. Now I’m going to go into a little more detail to prove that fact.
Tracing your email:
Emails keep a record of all the computers that they pass through in order to get to your machine. You can see this by looking at the internet headers. If your using outlook, double click on a message to bring it up. Then click the options menu and you can see it under “Internet Headers”. Or left click on the message and click on properties. If you still don't see it, go to the advanced tab in properties and try to see it there. If you are using something other than outlook, then I’m not sure how you can find it but it should be available. Just look through the mail program you use or try to find it using a help window.
When you are looking at the internet headers, you will see a list of IP address (xxx.xxx.xx.xxx. or whatever). The last one that says, “received by” is the one that sent the message. You can now take that IP address and trace it using the command prompt.
To open the command prompt typed “cmd” in the start menu or the run command. A little black box will show up transporting you back to the 80s. Type in “trace rt xxx.xxx.xxx.xxx” the x’s being the last IP address in your internet header. Then press enter. When the computer is done, it will give you another IP address. This is a final IP address that it received when tracing the one that you put in. In other words, the IP address output is the IP address of the computer that actually sent you the message. Now, take that address and put it in www.ipgp.net to see where it came from in the world. Neat huh!?
Now what!?
Now that you know how many computers your email goes through, it’s time to do something about it. Encrypt your emails! Most all email clients can do it and people should be doing it all the time. You will need to get a certificate, something that says, “I am me. I promise.” This way, people will know that it is actually you send messages and not a fraud. You can get a certificate for free from COMODO at http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html . It is easy to install and use.
Once you get your certificate, you can now encrypt your email to others that you have a certificate from. If you use gmail, you can use a program with firefox that will let you send encrypted messages right in Gmail. You can get it here http://richard.jones.name/google-hacks/gmail-smime/gmail-smime.html . Tell all your friends and co-workers so you can start sending messages that those IT guys at he office can’t read any more.
More Encryption
So encrypting emails is great, but what if someone is sitting at your terminal? What will you do then? No problem. There is a program called AxCrypt that will help you out. You can get it here: http://www.axantum.com/AxCrypt/ . Its easy to use and installs right into the shell, so all you have to do is right click a file and select to encrypt it using AxCrypt. Use this program and share a passphrase with people you send messages to, or make a passkey. Its really a neat program and, as always, free.
Manage your passwords with it! Make a file in notepad with all your passwords you use, then encrypt it with a passkey on a flash drive or something. Now you don’t have to worry about remembering them all and they will be safe on your computer when you forget.
Ok, this one ran long. Next Ill bring it to a close for this series. Thanks for reading and please leave a comment. Let me know if anything is helping ya out or if you have questions about anything.
Privacy Please? part III
Things are out there that will harm your computer. Arm yourself with good software and knowledge. Hopefully this post will help.
Antivirus:
There are many antivirus softwares (AV) out there so how do you know which one to pick? It is my recommendation to go with the free ones. 1) Because there free, duh. 2) Because there just as good, and maybe better, than some of the ones that you would pay for. Don’t you wish there was a place to go to read about and compare all the AV’s out there? BOOM:
Check out that site and this one: http://www.av-comparatives.org/
I recommend Avira AntiVir which is found at http://www.free-av.de/ just click the big silver button on the right. There is only one pop up that you have to deal with every time it updates. No big deal.
Spyware:
This is the stuff to get those nasty tracers and other spying type programs out of your computer. I would go with http://www.superantispyware.com/ . It may look like some cheap scam, but its free and has received really good reviews.
Ok, if you have read the other post, then you are now set with the basics. Now I’m going to talk about some other things that are not so common but can help you stay protected.
IP Address Hiding:
Hiding your IP address can help you stay anonymous when visiting websites or using other programs. Your IP Address is an address for your computer on the web. If people know your address in real life they can find your house and the same is true in the computer world. If people know your IP address they can actually find your physical location in the world. Check out the first post for some links that will show you your IP address and location. (most of the time the location will be that of your ISP).
There is a program that I know of (also free) that will hide your IP address by using what’s called Onion Routing. It’s a technique that, basically, sends your request for a site form another computer in the world instead of your computer. It also encrypts the information sent in the process. The program is called TOR and can be found here: http://www.torproject.org/
There is also more information on there about how it all works. I recommend using it with FoxyProxy, a firefox addon. This will make it easy to turn the tor on and off and set it up to use with your browser. There are simple instructions to follow when you install FoxyProxy and for more in-depth use, the site itself has good forums and walk through. It can all be found here: http://foxyproxy.mozdev.org/downloads.html
Next post I’ll talk some about encryption and give some good links to bookmark. Thanks for reading! Leave me a post and tell me what you think, I want to hear it.
Privacy Please? part II
If you want to have your privacy and use the internet…well, you can’t. Somewhere down the line, you are going to have to trust somebody with your info. However, there are steps to take to make sure that your info is not getting stored and to keep your computer safe while browsing. Let’s start with the basics:
Browser History: Delete it all after each session. You don’t need all that junk on your computer!
Companies will put cookies on your computer to track your browsing. One solution to this is to not allow cookies on your browser. This can be accomplished easily on most browsers if you go to tools>options and search around there. You will quickly notice though that most sites will not let you look at them if cookies are disabled. How convenient. My best advice is to just delete all the cookies when you are done browsing. This is also done on most browsers by going to tools>options. Often times you can set settings to delete them automatically.
While you’re at it, delete all that cache too. Cache files are downloaded pictures and such from web pages. This means the next time you go a website, the pictures are already there on your computer making the loading time of the page faster. I for one don’t really care about loading a web page 1 sec faster so I just delete it all. Connections these days are fast enough were caching is not really needed for web pages, IMO.
Use the most current web Browsers: Stay a step ahead of the bad people.
Newer browsers have the most up to date defenses built into them. Defenses against phishing attacks (fake websites that look like trusted ones, like your bank webpage) harder work arounds, and other things. It’s best to stay up to date. Firefox 3 is the newest browser and IMO the best one out right now. I would recommend it to anyone. Check it out here www.firefox.com
Change those passwords:
There are things out there call key loggers that are watching what you type in. If you have the same password for everything that you do, it makes it easy for people to find out what it is. Once they do find it, they’ll have access to your whole life. So, have different passwords for everything and change them often. I’ll talk about a good way to remember them all later.
Be aware: Don’t be stupid, use some of common sense.
You’ve got eyes, use em! Look at the page you are logging on to. Does it seem like a scam? If you’re not sure, do a quick search of the website or organization and see what others are saying. Also, be on the lookout for https:// sites in the browser bar. These are your best friends. https means that the website is encrypting the data so that only your machine and the final receiver know what was sent. This prevents the other computers caught in the middle from being able to read the information. Reading some of the End User Licenses Agreements isn’t a bad idea either.
These are some of the basics. I’ll write a post later about some more basic utilities and some nifty things that you can do to keep an eye on your machine. Thanks for reading and post a comment!
Sunday, 20 July 2008
Privacy Please?
The internet can be a dangerous place. Information that we send out over the internet is processed through many different computers before it actually gets to where it is going. For instance, when I send an email it goes through 5 or so computers before it gets to where I was wanting to send it. Similarly, when you log into your bank account or other sites, that info is just jumping around, from computer to computer, waiting to be intercepted before it gets to its final destination. This is the nature of the beast, a web of computers all connected. It is great for communication, but not so great when you want something to be private.
In addition to your information getting stolen or intercepted, it is also getting stored. Every time you do something on the internet, computers are logging your every move. They are tracking your behavior. Jim living in CA went from website site X to website Y at 3:10pm by clicking this link. He then stayed there for 20 min and spent time looking at B. Then he went to Google and searched Z. And so forth. The people logging you are not some hackers out to steal your identity (though it could be) it is the corporations. Corporations want to know everything about you so they can market their products to you in such a way that it is impossible for you not buy them. Do you think that Google or Yahoo sits on their hands when they have the surfing habits of millions at their fingertips? Of course they don’t! They sit there, collect all this data, and then sell it to the highest bidder. They are making money off just watching you.
A good example is the YouTube Viacom lawsuit that is going on. Viacom wanted all the user information YouTube had so they could see how much traffic the copyrighted material was receiving. The judge granted the request and YouTube had to turn it all over to Viacom. This quote found here http://news.cnet.com/8301-10784_3-9983511-7.html is about the issue, “However, the judge granted a Viacom motion that records of every video watched by YouTube users, including their login names and IP addresses, be turned over to the entertainment giant.” It is scary that a judge can sit there and make YouTube do this with no consistent by any of its users. It is even scarier that YouTube has records of all this though! Why is YouTube tracking all this info! Just delete it or let a user decide if they want it kept! They keep it so they can make money.
Now, most of this information is kept private and a lot of information can’t be traced back to the person who actually did it. However, that is putting a lot of trust in a company. You might say, “I can trust Google.” But what is Google!? It’s just a company that is made up of many people and if you trust “Google”, then you are saying that you trust all the employees of Google. How do you know that some disgruntled IT person won’t steal all the info that Google has and then sell it to someone else? You don’t. Same goes for internal controls, security processes, and the list could go on and on. We, the people, just don’t know. I used Google in this example, but really, just fill in the blank. Going back to the YouTube Viacom thing, they said that IP addresses were given to Viacom too. That is personal info, your IP address can tell people exactly who you are and where you live. Just check out www.ipgp.net or www.ip-adress.com . Your ISP is another company that you must have a lot of trust in too. Everything you do on the net is going through them.
Do you see where this is going? Everything out there is up for grabs. How ethical do you think these companies are? How safe is what you are sending over the web?
This is a long post so I’m going to break it up, like a little series or something. Next Ill give you some tools and advice to help keep your info your info. Comments are welcome! If you have a story to tell about identity theft, the insecurity of the internet or just have some criticisms let’s hear it!
Subscribe to:
Posts (Atom)
