Read paywalled research papers for free. Extension for Chrome and Firefox
I contacted Giorgio Maone about the vulnerability and the response time was incredibly quick. Within hours he had a patch out on his site and less then two days later the patch was pushed to all NoScript users. This is by far some of the fastest response and patch times I’ve ever seen – so hats off to him for that!
Test TLS de vos navigateurs (en fonction du user-agent)
Firefox about:config
security.ssl3.dhe_rsa_aes_128_sha = false
security.ssl3.dhe_rsa_aes_256_sha = false
Double-click privacy.trackingprotection.enabled to toggle its value to true.
Aujourd’hui je vous propose de continuer la ligne directrice des derniers articles sur l’auto-hébergement en faisant un tour du côté des utilisateurs de Mozilla Firefox. Mon panda roux préféré propose depuis sa version 4 un outil permettant de synchroniser marque-pages, historiques de navigation, préférences, mots de passe, formulaires pré-remplis, et les 25 derniers onglets ouverts à travers différents ordinateurs, tablettes et smartphone. Ce service sobrement intitulé Firefox Sync peut être hébergé chez vous, sur votre Raspberry Pi ou votre serveur dédié si vous ne souhaitez pas utiliser les serveurs de Mozilla.
We often find ourselves running applications we received in binary format. These include not only traditional software installed on our computers, but also unauthenticated programs received over the network and run in web browsers. Most of the time these applications are too complex to be bug-free, or can come from an adversary trying to get access to our system.
Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications. The core technology behind Firejail is Linux Namespaces, a virtualization technology available in Linux kernel. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table, IPC space.
How strong is your HTTPS connection? SSleuth ranks an established SSL/TLS connection and gives a brief summary of the cipher suite, certificate and other SSL/TLS parameters.
Pterosaur gives you the full power of Vim and your vimrc in each Firefox text field. (You will need pentadactyl http://5digits.org/pentadactyl/)
Le linuxien prudent n’aime pas les surprises. Pour limiter les surprises que peut faire une application, il faut tout simplement l’isoler.
Sans aller jusqu’à Bash (ahem…), ne pas vouloir que Skype, Chrome, Steam, Minecraft, … et même Firefox voient le reste du système est plus que légitime.
La solution la plus traditionnelle est le classique chroot, facile à mettre en place, mais à la réputation controversée (surtout par les gens utilisant les jails de BSD).
Apparmor propose aussi sa solution, mais sans faire rêver plus que ça.
Niveau buzzword, ces technologies sont quand même à la ramasse, pourquoi ne pas utiliser tout bêtement Docker?
Docker est tout simplement un outil conçu pour lancer une application dans un contexte (RAM, CPU, disque, réseau), de manière simple et économe. Personne ne vous oblige a y accoler le mot Cloud, que vous avez déjà tant de mal à expliquer.
Isoler une application consiste à ne lui donner accès qu’aux services dont elle a besoin, et de manière explicite.
Tab Grenade converts all your open tabs into a persistent list, freeing a lot of memory without losing any information. You can then restore individual tabs or the entire list, and you can share lists of tabs online.
Pour faire en sorte que le trafic DNS passe aussi par le proxy Socks, il faut modifier le about:config pour passer l’option de configuration suivante à true : network.proxy.socks_remote_dns.
It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.
Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control.
Introducing HTTP Nowhere.
HTTP Nowhere is a Firefox browser extension I recently wrote to implement this idea. You can install it from the Firefox Add-Ons site, and check out the source at github. Beyond what is discussed above, it allows you to see which unencrypted requests were made while in this mode, and lets you add specific URLs or URL patterns to a whitelist.
This is just an initial Firefox-only implementation of the concept. I can imagine a future where the conscious action could be inserting and removing a hardware usb key to get your browser to go into this mode. This could work in concert with existing solutions that store client certificates on hardware devices.
https://addons.mozilla.org/en-US/firefox/addon/http-nowhere/
Tracking is one of the things that Internet users are exposed to no matter where they go. Websites use analytics software to track them, advertising companies use tracking to make more money because of targeted ads, and social media sites too may know where you have been almost at all times because of buttons and scripts that are installed on the majority of websites.[...] One option that Firefox users have for that is the Firegloves extension. It has not been updated in a year but it is still working fine. It changes settings to common values so that your browser's fingerprint turns out to be less unique than it actually would be without.
En tout cas, la chose à retenir, c’est que tout ce que vous faîtes sur Internet est accessible. Gardez ça en mémoire, et ne tombez pas des nues quand on vous l’annonce !
A l’occasion de cet anniversaire, Mitchell Baker, la présidente de la fondation Mozilla, écrit : « Dans les mois et les années à venir, les opportunités et les menaces qui pèsent sur le Web seront aussi importantes qu’il y a quinze ans. Avec l’influence croissante des données et les capacités des appareils qui augmentent, Internet va devenir encore plus central dans nos vies. Il est fondamental que les individus gardent un contrôle sur le fonctionnement et l’expérience proposée. Mozilla peut et doit jouer encore un rôle central. » On peut d’ailleurs commencer par installer la très bonne version mobile de Firefox pour Android. On dit ça comme ça.