Mozilla continues to shovel more features into Firefox. This week we have Firefox 38.0.5, which adds support for Pocket (a ‘save for later’ service) and Reader mode, which provides simplified views of any web page. Version 38.0.5 also fixes a couple of nasty performance and display bugs that were introduced in recent versions. The 38.0.5 release notes provide additional details. No security issues were addressed in this update.
Mozilla is re-evaluating Firefox’s release notes, even going so far as to ask the community for feedback. Now if we can just get them to do something about the total lack of new version announcements. As usual, there was no proper announcement for this new version, although there was a post on the Mozilla blog that discusses Pocket and Reader.
Update 2015Jun10: I recently encountered an article on a site that displays everything as white text on a black background. I can only read a site like that for a few seconds before my eyes start to go blurry, so I decided to try Firefox’s new Reader mode. The near-unreadable text was transformed into beautiful, uncluttered, easy-on-the-eyes text. So apparently my offhand dismissal of Reader mode was a mistake: it’s actually a very useful feature, especially for those of us past a certain age.
Those of you who monitor traffic arriving at your home or work network are no doubt aware that your network is being constantly scanned for vulnerabilities. Brian Krebs rightly points out that much of this scanning activity is not malicious.
A hidden feature in recent versions of Firefox blocks technologies – including cookies – that would otherwise be used to track your activities on the web.
Currently, the Tracking Protection feature can only be enabled via Firefox’s hidden about:config interface. To access this interface, enter about:config in the address bar. You’ll see a large warning message. Click the I’ll be careful button to proceed. In the search box, enter privacy.trackingprotection.enabled. The setting should be listed below, along with its current value. Double-click the line of text to toggle it from false to true.
Tracking Protection doesn’t appear to block ALL cookies, just those that are associated with activity tracking. According to Mozilla’s description of the feature, the default list of blocked resources is based on information from the security provider Disconnect.
Unfortunately, there’s not much available to the user for managing the feature. There’s no easy way to list or modify the resources that will be blocked. All the user sees is a new shield icon at the extreme left end of the address bar, which you can click to see a small dialog:
There’s not much information on the dialog, and the only options available are to close the dialog or Disable protection for this site.
There is a way you can see exactly what resources are being blocked: click the Firefox menu button (the ‘hamburger’ at the right end of the toolbar), then click Developer, then Web Console. As you encounter blocked resources, they will appear in the list at the bottom of the screen. For example: “The resource at “http://www.google-analytics.com/analytics.js” was blocked because tracking protection is enabled.” Unfortunately, there’s usually lots of other information in that list as well.
By default, Tracking Protection blocks useful technologies, including at least two used on this site: Google Analytics and Feedjit. Google Analytics provides invaluable information to site managers, including how many people visit the site, when they visit, how long they stay, and so on. Feedjit is the technology powering the Live Traffic Feed in the sidebar; I’m only using it as an interesting experiment, so it’s not a big deal if it misses some users, but it’s not in any way harmful.
In the final analysis, Tracking Protection is really only useful for the truly paranoid. But if you hate the idea of anyone knowing what you’re doing on the web, you should probably be using Firefox’s Private Browsing mode.
Tracking Protection was apparently added by Mozilla in response to the fact that the Do Not Track feature is not being honoured by all trackers. A post over on VentureBeat provides additional perspective.
On Monday Google announced a new version of Chrome, 43.0.2357.81. This version does not appear to include any security fixes, but it does fix two minor display issues.
A short quiz, provided by anti-malware software maker McAfee, allows you to test your skill at identifying phishing email.
In the quiz, you are presented with ten email samples, and asked to decide whether they are phishing email.
What is phishing? From Wikipedia: “Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”
Hint: look for links in each of the sample messages. Hover your mouse over each link, and compare the address with the supposed sender. If a link points to a site that’s unrelated to the supposed sender, the email is probably not legitimate.
Up until recently, I recommended BitTorrent Sync (aka BTSync) to anyone who needed a simple way to share files between remote computers. I won’t be doing that any more.
BTSync is now out of its beta period, and the news is bad. It comes in two distinct versions: the paid version, which does what we’ve come to expect but now costs $50 per year per seat, and the free version, which is limited to ten shared folders.
This, despite earlier promises that functionality would not be removed from the free version. Some may argue that no actual features have been removed from the free version, but if I was running more than ten shares and suddenly some of them stopped working, it would sure seem like something was missing.
Of particular interest in the expiry message (above) is this: “Folder additions and removals will not be propagated to other devices.” I interpret this to mean that in the free version of BTSync, adding or deleting a folder in an existing share will not result in those changes being propagated to peers. If true, this makes the free version of BTSync almost entirely useless. But in my tests, it appears that folder additions and deletions are in fact still being propagated between peers. Possibly BitTorrent intended to make this change but changed their minds and didn’t update the expiry message.
In any case, while I understand that BitTorrent has the right to try to make money from their software, tricking beta users into using (and testing) your software only to break it – and ask for what is effectively ransom money to keep using it – is not going to win many customers.
I expect BTSync usage numbers to plummet sharply soon. I’ll be looking at alternatives, and if I find something good, I’ll add it here. For now, all I can do is warn everyone: don’t use BitTorrent Sync.
Numerous security vulnerabilities were addressed in the latest release of Google’s web browser, Chrome. If you use Chrome, it should update itself automatically to version 43.0.2357.65.
There were some serious problems with Firefox 38.0, and the developers pulled it from distribution almost immediately after its release.
Mozilla moved quickly to resolve these issues, and yesterday released Firefox 38.0.1, which fixes most of the problems in 38.0. One problem apparently remains unresolved: “Responsive images do not update when the enclosing viewport changes.”
Mozilla is clearly aware of the negative aspects of Digital Rights Management (DRM). Most people view DRM as needlessly intrusive at best, and an extremely flawed, greed-motivated roadblock at worst.
Knowing all this, Mozilla has been careful to tread lightly when looking at ways to implement DRM in Firefox. The web is moving towards the new HTML5 standard, and HTML5 includes DRM. Mozilla decided to move forward with DRM in Firefox, but will make it easy for users to disable DRM features, and to obtain versions of Firefox that have no DRM features at all.
This seems like a reasonable compromise. Those of us who hate DRM will be able to continue using Firefox without interference from DRM-related technologies.
Huge networks of compromised network routers form the basis of several large botnets. These botnets – described as ‘self-sustaining’ by security researchers – are only possible because routers are shipped with common, known passwords, and because users fail to change those passwords, or leave remote administration features enabled. The compromised routers are mostly used in DDoS attacks.
Users should not depend on their ISP to secure their router. There are numerous guides for improving the security of routers, but this one at HowToGeek is particularly good.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.