Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Michael P. Kassner Compromising Web sites has become cybercriminals’ favorite method to get malware installed on computers. Here are 10 ways to beef-

Published byNorman Cross Modified over 8 years ago

Similar presentations

Presentation on theme: "By Michael P. Kassner Compromising Web sites has become cybercriminals’ favorite method to get malware installed on computers. Here are 10 ways to beef-"— Presentation transcript:

1 By Michael P. Kassner Compromising Web sites has become cybercriminals’ favorite method to get malware installed on computers. Here are 10 ways to beef- up Firefox, making it more difficult for the bad guys.

2 Mozilla Firefox is a good browser to start with, but third-party extensions make it great. That’s especially apparent when it comes to Web browser security as shown by the following add- ons.

3 If you only install one extension, make sure it’s NoScript. By default, it blocks all scripts, a good thing. That’s because bad guys love to use scripts to install malware. This way, you decide whether JavaScript, Java, and other content are allowed to run. NoScript

4 Several members recommended BetterPrivacy as the best way to control Flash cookies. Flash cookies are difficult to remove, do not expire, and can recreate deleted HTTP cookies. After much testing, I know BetterPrivacy works. Whereas controlling Flash cookies using Adobe’s Web site is questionable. BetterPrivacyFlash cookiesAdobe’s Web siteBetterPrivacyFlash cookiesAdobe’s Web site

5 I must confess, AddBlock Plus is not a security add-on. But, I would not surf the Web without it. It’s awesome; blocking all ads, especially those bandwidth-hogging banner ads. Web pages pop up almost immediately. Try it once and you will be convinced. AddBlock Plussecurity add-onAddBlock Plussecurity add-on

6 Chad PerrinChad Perrin and I, along with many other security advocates have written about Perspectives. Anything that reduces the likelihood of TLS/SSL "Man-in-the-Middle" attacks (think identity theft) is important. It’s not perfect, but should be in your arsenal, warning you when something is not right. IPerspectives Chad PerrinIPerspectives

7 SSL BlacklistSSL Blacklist segues with Perspectives, helping to keep your TLS/SSL experience (again think identity theft) safe. It does this by detecting weak or revoked certificates. Both of which should be a concern. SSL Blacklist also checks if the certificate was built using the vulnerable MD5 hash algorithm, another huge security weakness. vulnerable MD5 hash algorithm SSL Blacklistvulnerable MD5 hash algorithm

8 WOTWOT is an add-on from Web of Trust Services. It is an up-to-date aggregation of spam and phishing blacklists. WOT ranks search entries according to their trustworthiness, vendor reliability, privacy, and child safety. Bottom line, if WOT flags a Web site as bad, you should take notice.Web of Trust Services

9 PhishTank SiteCheckerPhishTank SiteChecker is a Firefox add-on using an API provided by PhishTank and its active anti-phishing community. Once installed, the add-on will block access to what PhishTank considers potential phishing Web sites, giving the user the option to continue or not. APIPhishTank SiteCheckerAPIPhishTank

10 WOT and PhishTank SiteChecker are similar in what they do. Yet they do not always agree. I don’t see a problem using both, more information permits better decisions.

11 PrivacychoicePrivacychoice has developed Trackerwatcher, a unique add-on that allows you to see what’s going on behind the scenes. Trackerwatcher will inform which advertising networks are providing ad content to the Web site you are currently visiting, if they are using behavioral targeting, and how to opt-out. Trackerwatcher PrivacychoiceTrackerwatcher

12 BugMeNotBugMeNot is a unique add-on. Its main purpose is to eliminate advertising spam from Web sites that require registering. If a Web site requests information, activate the add-on. It will check BugMeNot.com’s extensive database. If registration information is available, BugMeNot will populate the form, allowing you to continue on while remaining anonymous. BugMeNot.com’s BugMeNotBugMeNot.com’s

13 XmarksXmarks is not a security extension, but it is one helpful add-on. Trying to keep bookmarks synchronized on several computers is a pain. Xmarks does it for you. Install it and get rid of the frustration. Xmarks

14 Firefox is my Web browser of choice. I also use all of the extensions I recommended. If pushed, I would admit that NoScript, BetterPrivacy, and AddBlock Plus are the ones I consider most important. That said, if I missed your favorite security extension, please let me know.

Download ppt "By Michael P. Kassner Compromising Web sites has become cybercriminals’ favorite method to get malware installed on computers. Here are 10 ways to beef-"

Similar presentations

B: STUDENT DRIVE MOVE INSTRUCTIONS. Using Internet Explorer: From your computers desktop, double click on the Internet Explorer icon. (Internet Explorer.

B: STUDENT DRIVE MOVE INSTRUCTIONS. Using Internet Explorer: From your computers desktop, double click on the Internet Explorer icon. (Internet Explorer.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Safer, Speedier and Sexier Surfing with Safari. Which Web Browser?

Safer, Speedier and Sexier Surfing with Safari. Which Web Browser?
Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.

Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
1 Secure Interaction Design Kami Vaniea. 2 Overview Designing secure interfaces  Design principles Firefox extensions  Cookies  Phishing  Tracking.

1 Secure Interaction Design Kami Vaniea. 2 Overview Designing secure interfaces  Design principles Firefox extensions  Cookies  Phishing  Tracking.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
For Removal Info: visit

For Removal Info: visit
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
Clearing your Cookies Mozilla Firefox A short guide to help you navigate our website faster Brought to you by:

Clearing your Cookies Mozilla Firefox A short guide to help you navigate our website faster Brought to you by:
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Virtual techdays INDIA │ 9-11 February 2011 Safe Browsing Experience for your Home & Office M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation.

Virtual techdays INDIA │ 9-11 February 2011 Safe Browsing Experience for your Home & Office M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation.
What is spyware? Supervisor dr. lo’ay tawalbeh Search By Mahmoud al-ashram Soufyan al-qblawe.

What is spyware? Supervisor dr. lo’ay tawalbeh Search By Mahmoud al-ashram Soufyan al-qblawe.
Tim Fredrick March 2010 NCAR/ACD/NESL Computing The Mebroot/Torpig threat UCAR Malware incidents.

Tim Fredrick March 2010 NCAR/ACD/NESL Computing The Mebroot/Torpig threat UCAR Malware incidents.
Safer Web Browsing Terry Labach Information Security Services IST.

Safer Web Browsing Terry Labach Information Security Services IST.
Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.

Verma - ICISS 2014 R easoning M ining NLP Defense Rakesh M. Verma ReMiND Laboratory Catching Classical and Hijack-based Phishing Attacks.
Security Warnings TROPE: Teachers’ Resources for Online Privacy Education www.teachingprivacy.org 1.

Security Warnings TROPE: Teachers’ Resources for Online Privacy Education 1.
GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.

GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.
Create Your Own Webpage. Today’s Agenda Cut & paste code Notepad++ or Notepad at home FTP Web Hosting Wordpress.

Create Your Own Webpage. Today’s Agenda Cut & paste code Notepad++ or Notepad at home FTP Web Hosting Wordpress.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Similar presentations

Ads by Google