Oracle of ONE1 » security

Firefox Keywords and Domain Guessing

one1 — Fri, 09 Jul 2010 16:56:28 +0000

I use Firefox regularly and am quite happy with its feature set and extensibility. There are a few options that I change to enhance my experience and security. These are:

Domain guessing
Internet keywords
Keyworded bookmarks

I turn off Domain guessing and Internet keywords; and instead use Keyworded bookmarks extensively. Accessing two of these settings requires entering about:config in the address bar. This provides direct access to Firefox’s configuration settings but is not recommended for novices. Learn more on about:config. When you are done with your settings just close the window/tab displaying about:config.

Domain Guessing

This feature converts a poorly formatted address and guesses what properly formatted address you really wanted. See Domain Guessing for details. I disable Domain Guessing as a security enhancement. I do not wish to be automatically taken to a web site based upon my mis-typing.

Disable it

Go to about:config
Search for the setting browser.fixup.alternate.enabled, easiest to just type fixup in the filter bar
Double click the entry to change it from true to FALSE

Internet Keywords

This feature submits any word entered in the address bar to a search engine and then automatically directs you to the first search result. See Internet Keywords for details. I disable Internet Keywords for security reasons.

Disable it

Go to about:config
Search for the setting keyword.enabled, easiest to just type keyword in the filter bar
Double click the entry to change it from true to FALSE

Keyworded Bookmarks

Now that I have disabled two features that provide shortcuts for address bar entries, I will add my own keyword shortcuts. Once done, I can just type in:

mail to be taken to my corporate webmail
wiki to go to my wiki
blog to be taken to my blog’s login page
etc

The simple steps are (in Firefox 3.3.6):

Add your most used web site pages as bookmarks
Use the menu Bookmarks > Organize Bookmarks (or Ctrl+Shift+B)
Select a bookmark
In the bottom left click the More button
Add you keyword
Close the window

Now type your keyword into the address bar and quickly access your most used sites.

Adobe Acrobat /Launch

one1 — Fri, 16 Apr 2010 19:02:21 +0000

There is a new social engineering attack that utilizes the /Launch capability in Acrobat Reader. It is currently being exploited by a particularly nasty trojan named Zeus. It is simple to protect yourself from this exploit some please disable /launch by following the instructions at http://blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html.

For more on Zeus, see this Wikipedia article.

As always; keep your software updated, use anti-malware detection software, use a well-configured firewall when accessing public Internet access point, and use common sense to recognize phishing attempts.

Make Acrobat Safer

one1 — Sat, 09 Jan 2010 16:33:24 +0000

Adobe’s products have received recent scrutiny from the security community. In fact, many have suggested that their products will be the main target for malware in 2010. Why? Well Adobe’s Acrobat Reader and Shockwave are very widely distributed and many vulnerabilities are being discovered which often remain unpatched for a while. Adobe has some improving to do.

In the meantime, you can protect yourself somewhat and still use Acrobat Reader. These steps do not guarantee your safety but do reduce your risk profile.

Disable Javascript

Many of the attack vectors are related to the use of javascript, so the obvious solution is to disable javascript. Follow these steps:

Open Acrobat Reader
Open the ‘Preferences’ dialog from the menu Edit > Preferences
Uncheck the Enable Acrobat Javascript from the ‘General’ or ‘Javascript’ tab
Save your changes

Prevent the Display of Acrobat Documents in the Browser

This prevents malicious links from displaying a PDF in you browser. Combined with the next recommendation, it also forces you to be more aware of the files you are about to view.

Open Acrobat Reader
Open the ‘Preferences’ dialog from the menu Edit > Preferences
Uncheck the Display PDF in Browser from the ‘Internet’ tab
Save your changes

Prevent Internet Explorer from automatically opening PDF documents

This step involves editing your registry file and is usually reserved for advanced users. Please make a backup of your registry before completing this step.

Start the registry editor (regedit)
You will be modifying 2 key values, so navigate to these branches:
- HKEY_CLASSES_ROOT\AcroExch.Document.7
- HKEY_CLASSES_ROOT\AcroPDF.PDF.1
In each branch, modify the key EditFlags. The new value should be:
- 00 00 00 00 (REG_BINARY)
Save your changes.

If regedit refuses to save your changes, you may need to modify the permissions on the branch. Do this by right-clicking.

Do Not Open Untrusted PDF Documents

If you do not know who the PDF is from or are unexpectly asked to open a PDF, just say no.

SANS OUCH Report

one1 — Mon, 08 Dec 2008 21:46:03 +0000

A very good summary of information from SANS Institute.

The Ten Dumbest Things People Do to Mess Up Their Computers

Plug into the Wall without Surge Protection
Surf the Internet without a Hardware Firewall and a Software Firewall
Turn off the Antivirus Because It Slows Down Your System
Install and Uninstall Lots of Programs, Especially Freeware
Keep Your Hard Drive Full and Fragmented
Open All Email Attachments
Click on Everything
Believe that Macs Don’t Get Viruses
Use Easy, Quick passwords
Don’t Bother with Backups

Now I’m certain that somebody will deliver a comedic version of this list but the ten items listed here are things to make certain YOU do not do.

SANS OUCH Report – June 2008

one1 — Mon, 02 Jun 2008 21:39:32 +0000

View the latest OUCH report from SANS. This security awareness report helps general computer users protect their computers and more importantly their information.

It has been some time since I distributed the last report. The information contained herein is still relevant for all users.