How You Can Be Infected via Your Browser and How to Protect Yourself

In a perfect world, there would be no way for your computer to be infected via your browser. Browsers are supposed to run web pages in an untrusted sandbox, isolating them from the rest of your computer. Unfortunately, this doesn’t always happen.
Websites can use security holes in browsers or browser plugins to escape these sandboxes. Malicious websites will also try using social-engineering tactics to trick you.

Insecure Browser Plugins

Most people that are compromised through browsers are compromised through their browsers’ plugins. Oracle’s Java is the worst, most dangerous culprit. Apple and Facebook recently had internal computers compromised because they accessed websites containing malicious Java applets. Their Java plugins could have been completely up-to-date – it wouldn’t matter, because the latest versions of Java still contain unpatched security vulnerabilities.
To protect yourself, you should uninstall Java entirely. If you can’t because you need Java for a desktop application like Minecraft, you should at least disable the Java browser plugin to protect yourself.
Other browser plugins, particularly Adobe’s Flash player and PDF reader plugins, also regularly have to patch security vulnerabilities. Adobe has become better than Oracle at responding to these issues and patching their plugins, but it’s still common to hear about a new Flash vulnerability being exploited.
Plugins are juicy targets. Vulnerabilities in plugins can be exploited across all different browsers with the plugin across all different operating systems. A Flash plugin vulnerability could be used to exploit Chrome, Firefox, or Internet Explorer running on Windows, Linux, or Mac.
To protect yourself from plugin vulnerabilities, follow these steps:

• Use a website like Firefox’s plugin check to see if you have any out-of-date plugins. (This website was created by Mozilla, but it also works with Chrome and other browsers.)
• Update any out-of-date plugins immediately. Keep them updated by ensuring automatic updates are enabled for each plugin you have installed.
• Uninstall plugins you don’t use. If you don’t use the Java plugin, you shouldn’t have it installed. This helps reduce your “attack surface” – the amount of software your computer has available to be exploited.
• Consider using the click-to-play plugins feature in Chrome or Firefox, which prevents plugins from running except when you specifically request them.
• Ensure you’re using an antivirus on your computer. This is the last line of defense against a “zero-day” vulnerability (a new, unpatched vulnerability) in a plugin that allows an attacker to install malicious software on your machine.

Browser Security Holes

Security vulnerabilities in web browsers themselves can also allow malicious websites to compromise your computer. Web browsers have largely cleaned up their act and security vulnerabilities in plugins are currently the main source of compromises.
However, you should keep your browser up-to-date anyway. If you’re using an old, unpatched version of Internet Explorer 6 and you visit a less-reputable website, the website could exploit security vulnerabilities in your browser to install malicious software without your permission.
Protecting yourself from browser security vulnerabilities is simple:

• Keep your web browser updated. All major browsers now check for updates automatically. Leave the auto-update feature enabled to stay protected. (Internet Explorer updates itself through Windows Update. If you use Internet Explorer, staying up-to-date on updates for Windows is extra important.)
• Ensure you’re running an antivirus on your computer. As with plugins, this is the last line of defense against a zero-day vulnerability in a browser that allows malware to get onto your computer.

Social-Engineering Tricks

Malicious web pages try to trick you into downloading and running malware. They often do this using “social engineering” – in other words, they try to compromise your system by convincing you to let them in under false pretenses, not by compromising your browser or plugins themselves.
This type of compromise isn’t just limited to your web browser – malicious email messages may also try to trick you into opening unsafe attachments or downloading unsafe files. However, many people are infected with everything from adware and obnoxious browser toolbars to viruses and Trojans via social-engineering tricks that take place in their browsers.

• ActiveX Controls: Internet Explorer uses ActiveX controls for its browser plugins. Any website can prompt you to download an ActiveX control. This can be legitimate – for example, you might need to download the Flash player ActiveX control the first time you play a Flash video online. However, ActiveX controls are just like any other software on your system and have permission to leave the web browser and access the rest of your system. A malicious website pushing a dangerous ActiveX control may say the control is necessary to access some content, but it may actually exist to infect your computer. When in doubt, don’t agree to run an ActiveX control.

• Auto-Downloading Files: A malicious website may attempt to automatically download an EXE file or another type of dangerous file onto your computer in the hopes that you will run it. If you didn’t specifically request a download and don’t know what it is, don’t download a file that automatically pops up and asks you where to save it.
• “You Need a Plugin to Watch This Video”: If you stumble across a website that says you need to install a new browser plug-in or codec to play a video, beware. You may need a new browser plugin for some things – for example, you need Microsoft’s Silverlight plugin to play videos on Netflix – but if you’re on a less-reputable website that wants you to download and run an EXE file so you can play their videos, there’s a good chance they’re trying to infect your computer with malicious software.

• “Your Computer is Infected”: You may see advertisements saying your computer is infected and insisting you need to download an EXE file to clean things up. If you do download this EXE file and run it, your computer probably will be infected.

This isn’t an exhaustive list. Malicious people are constantly on the look-out for new ways to trick people.
As always, running an antivirus can help protect you if you do accidentally download a malicious program.

---

These are the ways the average computer user (and even the employees at Facebook and Apple) have their computers “hacked” via their browsers. Knowledge is power, and this information should help you protect yourself online.

Sandcat Browser Pen-Tester Browser

Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. 

Sandcat Browser includes the following pen-test oriented features:

• Live HTTP Headers
• Sandcat Console - an extensible command line console; Allows you to easily run custom commands and scripts against a target website
• Request Editor extension
• Fuzzer extension with multiple modes and support for filters
• JavaScript Executor extension — allows you to load and run external JavaScript files
• Lua Executor extension — allows you to load and run external Lua scripts
• Syhunt Gelo — simplifies and accelerates the development of exploit-oriented extensions.
• PageInfo extension — allows you to view the page headers, JavaScript objects and more.
• Tor extension — Anonymity for standard browsing and for sending requests
• HTTP Brute Force, CGI Scanner scripts, Encoders/Decoders and more.

Limitations

In comparison with the full-featured Sandcat Browser application included with Syhunt Hybrid, this Sandcat Browser edition doesn't come with:

• the Sandcat Pro extensions
• Scanner integration — allows you to perform manual crawling

• Spider cache integration
• Request replay capabilities
• CatSense™ — which offers instant page analysis information 

Download

Prevent websites from tracking your location, by disabling Geolocation in your browser

Geolocation is a relatively new feature in the recent versions of most browsers. It allows websites to track your physical location, ostensibly, with a view to offer you location related search results, services or options.

You may have noticed that whenever you visit any website which requires access to your location the first time, you will see your browser saying that this website requires access to you location. We have the option to allow or disallow access, but we normally allow this. When you allow access, your IP address, along with your device details, MAC address, etc can be sent. These details are saved in Cookies. Other websites will not be able to access this data – only the website you have given access.
The privacy conscious among you may not want to disclose their physical location. Such users can tell their browsers to deny access by disabling the Geolocation feature. Let us see how to do it in Internet Explorer, Chrome, Opera and Firefox web browsers.

Disable Geolocation in Internet Explorer

Open Internet Explorer > Internet Options > Privacy tab. Under Location uncheck Never allow websites to request your physical location. Also press the Clear Sites button to remove old sites which have access to your physical location.

Click Apply/OK and Exit IE.
The registry key affected by the change of this setting is:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Geolocation

The value of BlockAllWebsites as 1, will mean Do not allow, whereas 0 would mean Allow websites to request your location.
This will block all websites from using Microsoft Location Services to find your computer’s approximate physical location.

Disable Geolocation in Chrome browser

Open your Chrome and click on the Spanner icon > Settings > Scroll down > Click on Show advanced settings. Under Privacy, click on Content Settings button. Again scroll down, till you see Location.

Here check the Do not allow any site to track my physical location radio button.
Click OK and Exit.

Disable Geolocation in Opera browser

Open your Opera > Settings > Preferences. Click on Advanced tab and then on Network. Uncheck the Enable geolocation option.

Click OK and exit.

Disable Geolocation in Firefox browser

Open Firefox. Click on Settings and press the Privacy tab. Here under Tracking, check the Tell websites I do not want to be tracked check-box.

Click on OK and Exit.
Once you have done this, you should clear your Internet cache, Browser History & Cookies before you start using your browser.

Mozilla Launches Online Marketplace For Android Apps [Updates]

 
Yes, Mozilla have launched an online marketplace. But it’s not yet for everyone… especially the faint-hearted. The Firefox Marketplace welcomes early adopters and testers who are using Firefox for Android Aurora.
If you remember, Aurora itself is the highly-experimental Firefox browser for mobiles and tablets on the Android platform. The Marketplace is a showcase and a precursor for the full development of the Firefox OS which is the planned platform for low-end smartphones that will run on web technologies and not full-fledged mobile apps as we know them.
The Firefox Marketplace is positioned as a breeding ground for apps that will run on web technologies like HTML, JavaScript, and CSS, and tap into the Web APIs of online services. The blog post on Mozilla said:

Just last year, we started working to turn the Web into a viable apps development platform. We created the Firefox Marketplace to allow developers to build, distribute and monetize rich, immersive apps that use Web technologies like HTML, JavaScript and CSS.

The Firefox Marketplace is still very bare bones. It has a smattering of apps from the likes of Distant Orbit, Jauntly, Todoist, Soundcloud and Twitter. The games category is nicely populated with around 116 games. Payments, ratings, reviews, and other features will be added as the marketplace evolves and support for other platforms also opens up. Please note that The Firefox Marketplace for now is available only with Firefox for Android Aurora.

How To Boost FireFox Browsing Speed Using SpeedyFox - Increase Mozilla FireFox Speed in Windows

Hello to all friends . i hope you all are fine . Today i am going to tell you how can you boost Mozilla firefox browsing speed using speedyfox or how to optimize Firefox . So Just Follow Some Below Given Steps For Do This.

How To Increase Speed 

1. First You Need To Download Speedyfox So Click Here For Download Speedyfox.

2. Now Run It

3. Now Firefox Should Be Closed .

4. Now it will run it's process will complete within few seconds and give you sucess Message Like Above  Images in 3rd step.





5. That's It Now Just Enjoy Faster Firefox Speed :)

Firefox Is the First Third Party Browser To Adopt Windows 8 Style UI

 

 

 

Last week, Mozilla announced the latest Firefox nightly build include new Windows 8 inspired UI. If you are an early adopter or have already running Windows 8 on your local machine then you should give it a try !

In order to try out the new Firefox nightly build for Windows 8 here are some steps you need to do.

• Download the latest nightly build here.
• Make Firefox the default browser of your OS. To do that go to Options > Advanced > General tab > Check “Make Nightly the default browser”

Once you’ve done that, press the Windows key go to Start menu. You should see the Nightly Firefox has a new icon as seen blow. Click on the Nightly to launch Firefox in Windows 8 full screen mode.

To access the tab switch on the top of your window you need to right click twice on any blank space of the browser. right click once brings up the settings panel on the bottom of the screen.

This is a list of shortcuts that’s show up after you right clicked your mouse once.

Give it a try, once you have used it for a while it’s definitely a new experience that you won’t get out from any other previous version of Windows.

Conclusion

After all this is just a preview of what it might look like in the future release of Firefox, there are still time until the official release of Windows 8. Compare to what Google has done with Chrome this is definitely a welcome edition to the growing Windows 8 apps. Also note, just like IE 10 and Chrome, the full screen mode version of Firefox doesn’t support any third party add-ons including Microsoft’s own Silverlight. That means if you’d like to play videos streams through Silverlight like Netflix you will be disappointed, but hey, you still got the desktop version of the browser.

HOW TO CHANGE THE FIREFOX ORANGE COLOUR TO ANY colour

I love the way Firefox can be customized. I mean there is nothing in the browser that cannot be changed or modified according to a user’s requirement and comfort. While at the functional end about:config preferences can be tweaked to achieve almost anything, on the aesthetic front we have CSS components that can be defined to modify the appearance of the interface.
We will consider Firefox’s orange button that is placed of the top left of the browser and see how its look and feel can be amended. For example, check out the image (below) and note how I have changed the color from orange to red, the text from white to black and from Firefox to Guiding Tech. Interesting, right?

Steps to Customize Firefox Button’s Appearance

Each profile that you create on Firefox has a CSS file associated with it. It is meant for user inputs to vary the show of the browser. In the process we will also tell you how to find that file or create one if it does not exist.
Step 1: Open Firefox and navigate to Firefox (the orange button) -> Help -> Troubleshooting Information.

Step 2: A new tab will be launched. Look for the section reading Application Basics. To get to your profile folder click on Show Folder button. It is suggestive to open the profile folder from here because if there are multiple profiles you may not know which one is being used.

Step 3: In your profile directory you will find a folder called chrome. If you cannot find that, you may create one.

Step 4: In this folder there should be a file named userChrome.css. The name should be exactly as spelled here.

Again, if you cannot find it you can create one. If it is there, go to Step 7. Else continue with Step 5.
Step 5: Right-click on and empty space and create a New -> Text Document. Once done, open the file with Notepad.

Step 6: Now go to File and Save As the document as userChrome.css. Make sure that you change the Save as type to All Files from the bottom of the Save dialog. Click on Save and close the document.

Step 7: Open the userChrome.css file with Notepad. Simply right-click on the file and choose Open With -> Notepad.
Step 8: Copy the below code snippet (as-is) and append it to the file. Save the changes.

@namespace url(“http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul”);
#appmenu-button {
background: #orange !important;
}
#appmenu-button dropmarker:before {
content: “Firefox” !important;
color: #FFFFFF !important;
}
#appmenu-button .button-text {
display: none !important;
}

Note the chunks in bold. They represent the button color, text and text color respectively. In order to change the appearance of the button you may modify these values. Here’s the code that corresponds to the image you saw in the beginning.

stay focused

Stay Focused With StayFocusd For Google Chrome And Say Goodbye To Distractions

The Internet is a vast place, with loads of information that can often be overwhelming. It would be an understatement to say that it’s the primary resource for research and getting work done. But don’t be caught off guard by its trickery. Although it can be a place of productivity, it also is a master at leisurely distractions that can eat up time you don’t have. StayFocusd is among several great  tools tohelp prevent these distractions from keeping you from important work.

Notice I said “help” and not that they will. Something I want to emphasize is with any tool like this you often assume that it is the be-all, end-all to preventing procrastination (or fill in the blank of a problem that an app can solve). So before I explain StayFocusd’s features and options, remember this:

1. It won’t do you any good if you don’t set it up and use it, let alone have it disabled.
2. Ultimately, you’re the one in control — not an extension. It can be a tool and asset, but not a solution.

Now To The Features And Options

You can customize the StayFocusd options as much or as little as you’d like. Even with the default settings, it can help you be productive. Below is the dropdown window in Chrome which displays the website you’re on, time remaining (which you can adjust in the settings) and advanced options such as blocking or allowing a custom URL.

Maximum Time Allowed

The first option you should become familiar with is Maximum Time Allowed per day. Be sure to set this time accordingly as you cannot change it once the time has run out for that day.

Active Days

The next option is which days StayFocusd should be active on. Note that you cannot change it from the day you’re on so if you don’t want it to be active the next day, uncheck it the day before. This is helpful if you only have certain days that you work, especially if you install this on a work laptop which you take home, but don’t always use it for work.

Active Hours

Active Hours will only apply to the active days which you’ve previously set. At default it’s set to for the entire day, but if you want to restrict 10 minutes of leisurely browsing to the hours you work and not be restricted the rest of the time, be sure to adjust this setting accordingly. Note that once changed, the changes won’t take affect until 24 hours from the time the change was made.

Daily Reset Time

Daily Reset Time is another helpful feature if you work odd hours in the day. Just like the other settings, changes made to this will not take effect until 24 hours from the time changed.

Blocked Sites

Here’s where we make all of the magic happen. Actually, it’s just where you block websites, but the way StayFocusd works is pretty magical. Like the rest of the pages, the instructions on the settings page are easy to understand and follow. Simply start adding websites the way you’d type them in any modern browser.

However, if you were like me, you stopped at just a few websites that you could think of. You know there are more that you look at and waste time on, but just can’t think of them. Luckily for you, StayFocusd has done some of the work. If you click on the link “Check out this list” next to the question about suggestions, you’ll be presented with a list of popular distractions across the web. Simply click the “+” to add them to your block list.

Note that not all of the sites are pictured above (e.g. Reddit or YouTube aren’t shown in the image, but is on the list), so make sure to check out the complete list.

Another option on the Blocked Sites page is The Reddigglicious Option which is a combination of words from three common timewaster websites: Reddit, Digg and Delicious. The concept is that often times we aren’t on these websites, but are on websites with links to them. This is a must-have feature for people with CHS – Click-Happy Syndrome. I’m one of those people – where I will just click on a link without even thinking about why I was on that page. Perhaps I was even on the page for a legitimate and productive reason (which happens to me all the time and I will touch upon that in a bit.) So as the image below states, this feature works by continuously running the timer while on webpages that even though they aren’t on the blocked list, contain a link which is.

Allowed Sites

This isn’t a mandatory setting to use, however if you want to ensure that the timer doesn’t use up your time on certain sites, you must add them to this list.

The Nuclear Option

This setting is insane, hence the word “nuclear” in the name. The image below is pretty self explanatory, but just use caution with this as many times you might forget about websites you use on a daily basis, such as webmail. Be sure to add these sites to your allow list (although this can get tedious if there are a lot or you don’t have a specific set of websites which you use). This feature can be quite beneficial if used appropriately – just make sure you completely understand how it works so it doesn’t actually inhibit you from accomplishing work.

Require Challenge

What about just changing settings? Well, if you don’t trust yourself you can enable this option, but I warn you – you better have 100% (no less) typing percentage, meaning no mistakes, otherwise you could become quite frustrated.

The strategy behind the challenge is that changing settings for your own convenience will be extremely difficult or impossible, or at least an inconvenience to say the least. Below is a preview of what you would have to complete before altering any settings if this setting were activated.

Note: you can see this exact preview by clicking the link “Click here” next to the question asking if you’d like to test the challenge before you turn it on.

Customize

Can I customize any of these settings or features? Are there more features? I thought you’d never ask. The answer is yes to both. In the first image below, you can see features such asSync, Popup, Infobar, and “Are you still there?” overlay.

You may want to disable sync if you use Chrome Sync between two computers, such as a personal and work computer, but don’t want the same StayFocusd settings or even the extension itself on your personal computer and only want it on your work computer. I find this option rather beneficial. The other options in that image are pretty self explanatory.

Other options on this page are customizing the notifications that StayFocusd prompts you with and also adjusting the text for the challenge.

Import/Export Settings

Lastly there’s the option to export and import your settings. Obviously if you go to great lengths of customizing this awesome extension, you don’t want it to be all for not. The export function allows you to save a “backup” of this or even just make it easy to add these settings to another computer (yours or even a friend’s)

Two Weaknesses of StayFocusd To Make Note Of

These aren’t really weaknesses of the extension itself, but just areas to be aware of that the extension is limited.

Can Be Manually Disabled

Obviously if this wasn’t the case, we’d have to worry about a very invasive browser extension that would literally be controlling us. Despite all of the extreme settings like The Nuclear Option and The Challenge, the Achilles heel of StayFocusd is that you can go to your extensions page and disable it at any time. This is actually nice if you made a mistake in the settings and no longer have control over adjusting them, or need to adjust them sooner than allowed. However, it’s obvious that if you have little to no self discipline, you can easily give in to yourself and disable the extension. This gets back to the two important points I made at the beginning:

1. It won’t do you any good if you don’t set it up and use it, let alone have it disabled.
2. Ultimately, you’re the one in control — not an extension. It can be a tool and asset, but not a solution.

Not Applicable For Everyone’s Use

I fit in this category as well as a lot of people working in tech, research, writing, journalism or a combination (and probably other areas too). We often use “timewaster sites” to help us in some way: check Facebook for an update on a company’s status, contact a company through Twitter regarding a problem, search YouTube for a video to use in an article, or just scouring the Internet for ideas or research. How do you separate the two?

First, you can still add sites you know you won’t be using and are likely to be distracted by to the block list. Also, there are some settings such as specific times/days that websites are blocked.

However, that still leaves lots of time to be distracted by potentially helpful, but also distracting websites. I can’t count the times where I’ve gotten on Facebook to do something productive and found myself distracted. In fact, that may have even happened while writing this article, since I logged on to use Facebook as an example in one of the first images.

Conclusion

In the end, StayFocusd is an excellent tool to use. Just remember that you have to still be disciplined, however, StayFocusd is great for keeping you off websites and reminding you what your real purpose is at a computer. Below are a couple of articles which have tools similar to StayFocusd (one even features it).

• 3 Ways To Stop Multitasking & Stay Focused To Be More Efficient & Productive [Windows]
• Addicted To Google Plus- Here Are 4 Ways To Block Addictive Websites & Get Back To Work

Download and Install StayFocusd at the Chrome Web Store and stay informed with updates from the Twitter account (@StayFocusd).

What do you think of tools like this? Do you use one, perhaps this one, yourself? Do you have any concerns or have you found it to be beneficial to your productivity? Share your thoughts in the comments below!