New Trick to get Browsers to Expose Passwords

Posted on July 25, 2007, under Web Dev/Tech.

CyberNet News wrote a post titled “Firefox Password Manager Exposes Passwords - Most Secure Browser?” which talks about a new phishing technique.

Essentially, if you use a password manager like the one in Firefox, which auto-fills the username and password fields in a form, you are susceptible to attack. Once the form is auto-populated, a web site can use JavaScript to grab the credentials out of the form. If you read the details, you understand that the attack can only happen on the same domain, but think about how many web sites that attack could happen on - Blogger (Google account info), MySpace, etc. The article gives three possible solutions, including not using the password manager and turning off JavaScript.

The third option was to use a browser extension called Secure Login. The Secure Login extension hooks into Firefox’s Password Manager. All the credentials are still handled by Firefox, but Secure Login will prevent usernames/passwords from being auto-populated in a form. It will give you visual cues that it can fill in the form, and then you must initiate the populating of the fields. That gives you a stop-gap in case you don’t want the form to be auto-populated right away. I’ve used it for a day, and the extension works pretty well.
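The behaviour described above, modelled as an added example (not code from the original post, Firefox, or Secure Login): credentials are stored per site, and the two policies differ only in whether the form is filled on page load or on an explicit user action. The class, function names, hosts, and credentials are constructed for illustration.

```javascript
// Constructed model of form auto-fill; not Firefox or Secure Login code.
class PasswordManager {
  constructor({ fillOnLoad }) {
    this.fillOnLoad = fillOnLoad; // true: fill as soon as the page loads
    this.store = new Map();       // site -> { username, password }
  }
  save(site, username, password) {
    this.store.set(site, { username, password });
  }
  // Runs when a page finishes loading; returns the "can fill" cue for the user.
  onPageLoad(page) {
    if (this.fillOnLoad) this.fill(page);
    return this.store.has(page.site);
  }
  // With fillOnLoad off, this runs only on an explicit user action.
  fill(page) {
    const cred = this.store.get(page.site);
    if (cred) Object.assign(page.form, cred);
  }
}

// A page is a site plus a login form; script in the page can read that form.
function makePage(site, path) {
  return { site, path, form: { username: "", password: "" } };
}

// Load a page and report what script running in it could read from the form.
function loadAndObserve(manager, page) {
  const canFill = manager.onPageLoad(page);
  return { canFill, seen: { ...page.form } };
}

function demo() {
  const out = {};
  for (const fillOnLoad of [true, false]) {
    const pm = new PasswordManager({ fillOnLoad });
    pm.save("blogs.example", "alice", "constructed-secret"); // sample values
    out[fillOnLoad ? "autoFill" : "userInitiated"] = {
      // a user-authored page hosted on the same site as the real login form
      sameSite: loadAndObserve(pm, makePage("blogs.example", "/u/someone/")),
      otherSite: loadAndObserve(pm, makePage("other.example", "/")),
    };
  }
  return out;
}

console.log(JSON.stringify(demo(), null, 2));
```

With fill-on-load, the same-site page sees the stored credentials without any user action; with user-initiated fill, the form stays empty and only the "can fill" cue is raised.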

User comments in the article said Opera has had this feature built in for a while, and suggested using Opera instead. While it’s great to see Opera was ahead of the game, I personally haven’t been able to get comfortable enough with Opera yet to consider a switch. It just doesn’t feel natural to me for some reason when I’m surfing.

If you happen to be like me, and use Firefox and its password manager, take a look at the Secure Login extension to help prevent this new phishing technique.

10 things to know before you register a domain name

Posted on June 28, 2007, under Security, Web Dev/Tech.

Sometimes I get asked what is involved in registering a domain name, and whether there is anything to be careful of. I just ran across this site which does a good job of listing out most of the concerns to watch for when choosing an organization to register a domain name with:

10 things you MUST know before you register a domain name with anyone

Firefox Extensions Auto-Update Vulnerability

Posted on May 30, 2007, under Security.

CyberNet News has the description for how someone can attack your Firefox browser using auto-updating extensions as the attack vector:

A new Firefox vulnerability has been discovered, and this time it is quite a doozy. It affects many different extensions including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, and PhishTank SiteChecker.

Memorial Day

Posted on May 28, 2007, under Current Events.

Google to buy FeedBurner

Posted on May 23, 2007, under Current Events.

Timely, considering my last post. Apparently rumors are being confirmed that Google will buy FeedBurner. Too bad.

Google: Total Information

Posted on May 22, 2007, under Security.

Google’s goal to organise your daily life

Eric Schmidt, Google’s chief executive, said gathering more personal data was a key way for Google to expand and the company believes that is the logical extension of its stated mission to organise the world’s information.

Asked how Google might look in five years’ time, Mr Schmidt said: “We are very early in the total information we have within Google. The algorithms will get better and we will get better at personalisation.

“The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’”

Dear Google, should I switch search engines?

Which side are you on?

Posted on May 9, 2007, under Web Dev/Tech.

In my career involved with web development, I’ve gone from more Microsoft-oriented development (ASP, Commerce Server, etc) to Open Source/Java (Apache, PHP, MySQL, JSPs, WebSphere, etc), to getting more involved with Microsoft again (SharePoint, .NET/C#, SQL, IIS). The latter transition is still an ongoing occurrence – my time is split between Microsoft and LAMP, but over the last year and a half I’ve come to reflect on some things and the way I viewed the “opposing” camp (whichever it may have been at the time).

At this juncture in my career I find that I resonate very much with the summary of this post by Jeff Atwood:

Giving Up on Microsoft

As a software developer, you’re doing yourself a disservice by pledging allegiance to anything other than yourself and your craft– whether it’s Microsoft or the principle of free software. Stop with the us vs. them mentality.

Competition is good and is what drives innovation; I am a firm believer in this principle. I even understand strongly disliking a product. There are major products I don’t like and don’t want to support/use. I also have my share of distrust for the “good will/do no evil” of many of the major players.

But if you are someone who has an emotional disdain for anything written in a certain language just because it is Microsoft/Open Source/“not Microsoft”, I don’t really want to have you on my team. That attitude tells me you’re more about protecting your personal “religion” than matching business value with a job well done. Instead of looking at business value and working as a team to apply technology towards the solution, you’re about protecting your technology dogma.

No thank you. You’re not a fun person to work with.

Windows Activation Virus Alert

Posted on April 26, 2007, under Security.

Check out this post about a Windows Activation Virus. The virus spoofs the Windows Activation screens, and asks for credit card information to activate Windows. Pretty convincing screens.

Easter, gang members and Kirk Cameron

Posted on April 8, 2007, under General.

Kirk Cameron goes over the reason for Easter with some Santa Monica gang members.
Video (Kirk and Gang): http://www.youtube.com/watch?v=cVco8t-R8KU
More here.

Removing recent workspaces in Eclipse menu

Posted on March 29, 2007, under Web Dev/Tech.

When Eclipse 3.2 launches, it asks you which workspace you would like to work in. To help you remember the workspaces you’ve been in, Eclipse provides you a drop-down menu of workspaces you have recently been in.

If you ever find that you have a defunct workspace listed in the menu, as I did, here is how you can manually remove it.

  1. Find the following file:
    (eclipse-home)\configuration\.settings\org.eclipse.ui.ide.prefs
  2. Open the file, and look for the line that starts with: RECENT_WORKSPACES
  3. The workspaces are separated by commas, so delete whichever workspace you no longer want in the drop-down menu.
  4. Save the file.

Enjoy a clean startup menu!