Tuesday, April 5, 2011

Must-have restartless Firefox add-ons

Must-have restartless Firefox add-ons

Must-have restartless Firefox add-ons

Posted: 04 Apr 2011 05:50 PM PDT

The future of Firefox's add-ons arrived in Firefox 4 with the introduction of "restartless add-ons". Based on the new Jetpack API and Add-on SDK, restartless add-ons--also known as bootstrapped add-ons--don't require a restart to be used or removed. Not coincidentally, they also provide Firefox with a venue for competing directly with other browsers, which use add-on frameworks that were created after the technology that supports restartless add-ons was created.

Mozilla Home Dash re-imagines the Firefox interface.

(Credit: Mozilla)

Firefox doesn't offer many restartless add-ons just yet. At the time of writing, there were only 143 restartless add-ons. Also, there's been documented problems by existing add-on authors in making their add-ons restartless, but that doesn't mean that the ones available are worthless. In fact, some of them add some impressively useful functionality to the browser. Here are 13 of the best.

The entire collection of Prospector add-ons from Mozilla are a great way to take advantage of the flexibility of restartless add-ons. Install one, test it out quickly, and if you don't like it you can remove it as fast as you installed it.

The most interesting Prospector experiment is Home Dash. It's possibly the most annoying, too. Home Dash is a complete re-envisioning of the browser interface, presenting a workflow unlike any other browser out there today that attempts to emphasize tab previews and search queries. It's not for everybody, but it's definitely worth checking out.

The current crop of Prospector Experiments includes Speak Words for location bar search completion; Instant Preview for faster page loading from location bar suggestions; Find Suggest for search suggestions when using the in-page Find tool; and Start Faster makes a customization tweak to how Firefox starts when you've just turned on the computer. The short version is that it does what it says it does: Firefox will start faster when you've got it running, at least after you immediately restart your Windows box.

The slightly more technical explanation is that it bypasses the Windows prefetch feature. The add-on will install a Faster Firefox icon on your desktop, which has to be used to start the browser after a Windows reboot. To double-check that it's working properly, the developer recommends using the About:Startup add-on, which is also restartless.

Type "about:startup" into your location bar and you'll get, in milliseconds, how long Firefox's main process takes to start; how long it takes for XRE_main to be called, one of Firefox's first called functions; how long it takes the tabs from the previous session to be restored but not reloaded; and how long the firstPaint takes, which is time it takes for the the first tab you're looking at to fully load.

Note that About:Startup, while technically a restartless add-on, will not be able to display information from before it was installed. In other words, you have to have it installed before Firefox starts to get information from it.

While we're on the subject of restarting, Restartless Restart adds a menu button and keyboard hot key combination to allow you to restart the browser. It currently lacks a toolbar icon, yet the core function, on-the-fly restarting, is effective and smooth.

LuckyBar restores the "I'm Feeling Lucky" functionality to Firefox 4. The feature was present in Firefox 3, but removed because of Mozilla's concerns over privacy issues relating to accidentally sending search queries to your default search engine instead of restricting the search to your personal Firefox data.

Tab Badge provides an unread count for sites like Twitter and Facebook, as well as your RSS feed and webmail.

(Credit: Mozilla)

Easy App Tabs helps you create and remove App Tabs, the permanently pinned tabs on the left side of your tab bar. Double-click on a tab to set it as an App Tab, or return it to normal status. The feature was left out of Firefox because Mozilla found that users were accidentally creating app tabs when they didn't want to.

Another smart and simple tab-focused add-on is Tab Badge. This add-on shows you an unread count on your social networking and e-mail sites as long as the number of unread messages is programed to appear in the site's titlebar. So, if your Gmail title is "Priority Inbox - 10", the number "10" will appear in a red circle on the tab. While Gmail has the feature available as a lab experiment you can activate, this is a clever way to get it on all your communication sites.

Developed by Diigo.com, Read Later Fast saves URLs to be read later. It can be synced locally and with the cloud storage at Diigo, and presents an interesting alternative to other "save-for-later" services. However, this feature is built into Firefox 4 in a very basic way. You can use the bookmark star to quickly mark pages, close the tabs, and then using Firefox Sync re-open the starred pages on a different device. That doesn't mean Read Later Fast isn't useful, though.

Long one of my favorite Firefox add-on features has been the ability to drag items from Windows Explorer directly into a text field to upload them. Drag2Up provides that functionality in a restartless add-on, which is great for toggling it off on the rare occasion when the feature interferes with text box functionality.

If you've got a favorite restartless add-on not mentioned here, tell me about it in the comments below.

Make your own ringtones on Android, iPhone (video)

Posted: 04 Apr 2011 05:07 PM PDT

Cutting your own ringtones from songs in your mobile library isn't hard at all, and there's even one ingenious Android app that takes a much more creative approach than the usual slice-and-serve.

iPhone apps also handily make ringtones. Apart from choosing the start and stop times--which can be frustrating and time-consuming depending on your level of meticulousness--the most trying portion of the creation process is transferring your newly created selection to iTunes and then back to your computer as a ringtone.

No, it doesn't make sense, but the apps show you how to do it and ultimately offer an easy enough way to ready 'tones for your phone while you're away from your computer.

Originally posted at Crave

Facebook for iPhone gets event check-ins, unfriending

Posted: 04 Apr 2011 02:33 PM PDT

Facebook for iPhone gets unfriending

Press the arrow on a contact's profile page to unfriend.

(Credit: Screenshot by Jessica Dolcourt/CNET)

I always love seeing new functionality for Facebook for iPhone, and the team has trotted out not just tweaks, but some improvements that make a real difference.

For instance, you can now unfriend former buddies directly from the phone, instead of having to cut them off from your profile page on the Facebook.com site (not that I would ever do such a thing, of course.)

Just go to a contact's profile page and press the arrow in the top-right corner, the same you would tap to add a friend as a favorite or launch a Facebook message.

The map view for Facebook Places is also a useful embellishment. Just click a friend's name in the Activity view of your Places list and you'll see a thumbnail that plots the location of his or her latest check-in on a Google Map. Tap the map to expand it to full-screen size.

Maps appear in Places in Facebook for iPhone

Places listed in Facebook for iPhone now get Google maps.

(Credit: Screenshot by Jessica Dolcourt/CNET)

Event check-ins are the third substantial feature in this Facebook update. If you're invited to a friend's birthday party, for instance, you'll now be able to check in when you arrive.

This is a logical extension of Facebook check-ins and one that will encourage more people to actually use the service. A pre-existing feature continues to let you check in to individual businesses via Facebook Places, which is much more difficult if you're attending, say, a friend's birthday party in a vacant warehouse.

Facebook has also modified the Notifications interface and the newsfeed in this latest release.

The iPhone version of Facebook has long led the way in introducing new features in a clean design. In my opinion, it's also been the most intuitive to use. So long as the team continues to roll out useful features that bring the app closer to the Web site's capabilities, I'll continue to be a happy Facebook camper.

Originally posted at iPhone Atlas

Comodo hacker says he's protesting U.S. policy

Posted: 04 Apr 2011 02:05 PM PDT

After a hacker obtained fraudulent digital certificates that could be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company that issued them blamed the Iranian government.

There is only "one conclusion," Comodo, the Jersey City, N.J.-based issuer of digital certificates said in a report tracing the intrusion to Iran. "This was likely to be a state-driven attack."

Well, not quite. The perpetrator claims to be a 21-year-old Iranian patriot--a "single programmer with the experience of 1,000 programmers"--who told CNET he carried out the intrusion in large part to protest the policies of the U.S. government.

As proof, "ComodoHacker" has posted the private half of a digital certificate obtained during the intrusion into the network of GlobalTrust, a Comodo reseller in Italy. (ComodoHacker also uses the aliases "Sun Ich" and "Ichsunx," which he says are random.)

That was enough to convince the skeptics. Robert Graham of Errata Security described how he verified the digital certificate, meaning that ComodoHacker did have information that only Comodo, or the perpetrator of the intrusion, would be able to obtain. Even Melih Abdulhayoglu, Comodo's founder and chief executive, now says he's convinced of ComodoHacker's identity: "They've proven themselves," he said.

Of course, that doesn't mean that anything ComodoHacker says about his age, motivation, nationality, and so on is true. And it's also possible that the original perpetrator shared the private half of the digital certificate with third parties, or that it was a group effort in the first place. On the other hand, ComodoHacker has published still more details, including a decompiled file called TrustDLL, about GlobalTrust's systems.

In a series of e-mail messages over the last week, ComodoHacker said that he took over two more Comodo resellers (which the company partially verified).

He said that he compromised "one more" certificate authority besides Comodo, and "if I need I could do more," but declined to identify which one. When asked whether he obtained fraudulent certificates from it, he replied: "Sure."

ComodoHacker says he's never left Iran: "No, I never traveled, I feel so good and safe in my own country." He enjoys visiting, he says, the cities of Mashhad, Shiraz, and Yazd.

Part of the reason he pulled off the hack was, he said, revenge for Stuxnet, which was malware that targeted the Natanz nuclear enrichment plant in Iran and has been linked to the U.S. government or its contractors.

Here's more from ComodoHacker:

On Stuxnet: "USA authorities should understand, they can't do anything they want, they can't look in the world and in internet to find me, but they have no any problem with HBGary CEO which produces malwares to infect people in middle east, they should understand if they sniff emails, I (as 21 years old person) personally can do, we should be equal, I mean CIA and myself. That's the message."

On U.S. foreign policy in the Middle East: "They don't have any policy, their policy is just killing innocent people in Afghanistan and they killed millions in Iraq, just for one this: OIL. The world isn't safe with USA policies, they just attack, they just start wars, they use nuclear weapons (Hiroshima), they don't know anything about talking, see recent USA soldiers scandal in Afghanistan, they kill afghan people for fun. They should learn some basics, first basic thing they should learn is killing and destroying would not solve any of their problem. Killing people with nuclear weapon never solved anything, killing my country's nuclear scientist never solve their problem. I really care about earth future, when a country like USA and Israel with such administration try to rule it. Simply they failed."

On whether he agrees with Mahmoud Ahmadinejad on Israel: "Totally. Israel is 63 years old regime who occupied Palestinian people's land, they should let Palestinian people decide about thier own land, simply they occupied Palestine with help of ENTIRE world, including UK, USA and even Germany and others."

Comodo's CEO hasn't relinquished his belief that ComodoHacker is tied to the Iranian government. He "claims to be pro-government," Abdulhayoglu says. "He's using the media to threaten all the democracy-movement people now."

It's possible that the Iranian government is behind ComodoHacker, who has quickly established a combative online persona that uses Twitter to lament the "stupids" who doubt his exploits and employs hash tags like "#usagovfail" to condemn the West's understanding of Islam and Iran. But that might be attributing too much to a sometimes-brutal regime that the advocacy group Reporters Without Borders says actively censors opposition Web sites, jams satellite broadcasts, and limits Internet connection speeds when criticism of its policies mounts.

Peter Gutmann, a computer scientist at the University of Auckland in New Zealand, offered this salient observation on a Mozilla forum: Comodo "wasn't owned by a nation-state cyberwar agency but by a random script kiddie having some fun."

Related links
Comodo hack may reshape browser security
Full coverage of Comodo hack
Stuxnet expert: Other sites were hit but Natanz was true target

Originally posted at Privacy Inc.

Google Maps for Android adds new location, check-in features

Posted: 04 Apr 2011 01:41 PM PDT

Google Maps for Android location history

Location stats in the new Google Maps for Android 5.3.

(Credit: Google)

Google has tweaked Google Maps for Android once again. Starting today, smartphones running Android 1.6 and up will see new location history and check-in features in Google Maps 5.3.

The first addition is for maps users who have enabled Google Latitude on their profile. If you choose to, you'll now be able to view stats and graphs of your location history, including estimates that break down how you allocate your time at work, home, or elsewhere.

Maps' second feature expands the pre-existing Latitude check-in option to let followers and friends know you're at home when you're not out. You can tap Home to associate your location with your personal fortress of solitude.

Finally, Google Maps 5.3 tweaks the way you rate establishments in Hotpot, its reviews engine. Now you can add not just comments, but traits that define a business, like a swanky bathroom, great music, or comfortable chairs.

Originally posted at Android Atlas

How to remove keyloggers

Posted: 04 Apr 2011 11:49 AM PDT

The Samsung laptop keylogger scare turns out to have been just that--a bad scare. That doesn't mean it's not a good idea to know how to remove a keylogger if you think somebody is recording your keystrokes. In this video, we show you how to check for one, and how to remove it using Security Task Manager.

Webroot gets into Android security with new app

Posted: 04 Apr 2011 07:45 AM PDT

Webroot Mobile Security for Android is available at Best Buy for $14.99 per device per year.

Webroot Mobile Security for Android is available at Best Buy for $14.99 per device per year.

(Credit: Webroot)

Security firm Webroot has announced a new app for Android users.

Dubbed Webroot Mobile Security for Android, the application, which runs on both smartphones and tablets, scans apps for malware prior to installation. It also checks URLs to block phishing attacks. The app's identity-protection feature lets users remotely lock and wipe the device, while a map and "loud alert" help users find their lost hardware. The app also features the ability for users block calls and text messages.

Webroot Mobile Security for Android might be coming at the right time. Last month, several malicious applications were found in the Android Market that had made their way onto about 260,000 Android-based devices. Google eventually removed the apps from its marketplace and deleted them from the devices they were running on.

Just a few days later, Adobe announced a Flash Player flaw that affected Android devices, in addition to Windows, Macintosh, Linux, and Solaris users. The company said at the time that the flaw could cause a device to crash or "potentially allow an attacker to take control of the affected system."

Webroot's app joins several others in trying to protect Android users. Symantec, McAfee, and Lookout are among the companies that offer Android security apps.

Like those other solutions, Webroot's Mobile Security for Android is available in the Android Market for free. However, the premium, full-featured option, which adds remote wipe and the app inspector, is available only via Best Buy. It retails for $14.99 per year per device.

Originally posted at The Digital Home

Comodo hack may reshape browser security

Posted: 04 Apr 2011 04:00 AM PDT

Major browser makers are beginning to revisit how they handle Web authentication after last month's breach that allowed a hacker to impersonate sites including Google.com, Yahoo.com, and Skype.com.

The efforts are designed to remedy flaws in the odd way Web security is currently handled. Currently, everyone from the Tunisian government to a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices and scores of German colleges are trusted to issue digital certificates for the largest and most popular sites on the Internet.

Microsoft's manager for trustworthy computing, Bruce Cowper, told CNET that the company is "investigating mechanisms to help better secure" certificate authorities, which issue trusted digital certificates used to encrypt Web browsing, against this type of attack.

On Friday, Ben Laurie, a member of Google's security team, said the Mountain View, Calif., company is "thinking" about ways to upgrade Chrome to highlight possibly fraudulent certificates that "should be treated with suspicion."

If the technology were widely adopted and glued into major browsers, that would have made last month's Comodo breach a non-event. The Jersey City, N.J.-based company announced on March 23 that an intruder it traced to Iran compromised a reseller's network and obtained fraudulent certificates for major Web sites including ones operated by Google and Microsoft. The FBI is investigating.

Comodo alerted Web browser makers, which immediately scrambled to devise ways to revoke the fraudulent certificates. There's no evidence the certificates were misused.

Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation who has compiled a database of public Web certificates, says one way to improve security is to allow each Web site to announce what certificate provider it's using.

Each browser trusts as many as 321 certificate authorities equally, a security nightmare that allows any of them to publish fake certificates for, say, Google.com. It's as if hundreds of superintendents in New York City had the master keys to every unit in every apartment building--as opposed to the normal practice of one master key per each superintendent.

Eckersley says browsers should be developing "a way for each domain name holder to persistently specify its own private certificate authority if it wishes to." Once that is established, "mistakes at any one of thousands of other organizations would no longer give hackers a magic key to your systems," he says.

Securing domain names with a technology called DNSSEC will also play a "large" role, he says. Other long-term technical fixes that have been proposed have names like DANE, HASTLS, CAA (Comodo's Philip Hallam-Baker is a co-author), and Monkeysphere.

Comodo's revelations have highlighted the flaws of the current system. There is no automated process to revoke fraudulent certificates. There is no public list of certificates that companies like Comodo have issued, or even which of its resellers or partners have been given a duplicate set of the master keys. There are no mechanisms to prevent fraudulent certificates for Yahoo Mail or Gmail from being issued by compromised companies, or repressive regimes bent on surveillance, some of which have their own certificate authorities.

The Internet death penalty
Another option would invoke the Internet death penalty: revoking Comodo's status as a trusted source of digital certificates. Each major browser has a different list of which certificate authorities are trusted, and Comodo appears on all of them. (See related CNET article and spreadsheet.)

Mozilla says in a Web page that it is "interested in more detailed impact assessments" of how the death penalty applied to Comodo--an unprecedented punishment--would work in practice.

Cowper declined to provide details about whether a similar step is being considered for Internet Explorer: "Microsoft will not discuss any decision about Comodo's membership in the Windows Root Certificate Program." He added: "Microsoft is in ongoing discussions with Comodo regarding this incident. After completing this review and evaluating the appropriate mitigation steps, Microsoft will ensure that Comodo and other (certificate authorities) comply with any updated program requirements."

Microsoft already requires that certificate authorities submit "complete a qualified audit and submit the audit report" every 12 months. So does Mozilla.

Google's Chrome browser relies on the list of trusted certificates compiled by Microsoft and, under OS X, Apple. "We haven't deviated from the default lists, nor do we have current plans to," a Google spokesman says. Apple did not respond to a request for comment.

Melih Abdulhayoglu, Comodo's founder and chief executive, says that security has been tightened as a result of the breach in an Italian partner's network.

"There is no 100 percent security," Abdulhayoglu added. He said that "any large" issuer of digital certificates is susceptible to concerted attacks. "VeriSign and Comodo, we've both had issues."

Norway-based Opera Software, maker of the eponymous Web browser, is considering a "move towards stricter requirements regarding having revocation information available before allowing a secure connection to complete."

Opera's Yngve Pettersen wrote in a blog post last Thursday that such a requirement would make it easier to revoke certificates that were issued fraudulently.

Originally posted at Privacy Inc.
at

No comments:

Post a Comment