How to fix Firefox–really

I’ve been having problems with Firefox for a while now–crashes and other odd behavior. I’ve put up with it for a while, but I shouldn’t have to. It turns out the fix is very easy, but non-obvious.

Mozilla’s documentation is abysmal. When you move stuff around for no reason, change your docs to reflect the move, so people can find what you’re talking about. Or better yet, leave well enough alone.

If you actually want to fix the problem, don’t fiddle with the menus. Do this:

  • Type about:troubleshooting in the address bar
  • Click “Reset Firefox” in the upper right corner Read more

Chrome and EMET

A week or two ago, Chrome quit working–I would launch it, and EMET would give me a message that it detected Caller Mitigation. It turns out that particular setting isn’t compatible with Chrome 35 and up.

The fix is easy. Launch EMET, click “Apps,” scroll down to Chrome, and uncheck the 10th item from the left.

Google doesn’t recommend EMET because Chrome already does most of the things that EMET forces, and the EMET mitigations that Chrome lacks can be bypassed. To me, that doesn’t make them worthless. It filters out the unsophisticated attackers. And if you make the advanced adversary make the attack more complex, there’s a greater chance of being caught. Security isn’t about preventing everything–you can’t–but you can raise the stakes.

That’s why I disabled Caller Mitigation and keep EMET enabled on Chrome.exe.

I also saw this week that Google is working on a 64-bit version of Chrome for Windows. Finally! Once it comes out of beta, that’s something I’ll be installing. That may be what makes me change allegiances from Firefox.

Firefox memory high? It might be Adblock Plus

Last week, a great deal of discussion about ad blocking and its effect on memory usage took place. This makes a lot of sense, and explains why my memory usage has always been really high.

I’m not sure there’s a lot you can do about it. One of these days I’m going to get around to standing up a pfsense box, which, among other things, can serve as a web cache and block ads for an entire network. My family has enough machines to justify that, and, given that security is what I do for a living, it’s something I need to be experimenting with anyway.

Takeaways from Patrick Gray’s AusCERT coverage

I’ve been listening to Patrick Gray’s coverage of the AusCERT security conference, and I walked away with two major takeaways, one for security professionals and one for everyone.

Everyone first: Use SSL (https) everywhere you possibly can. Generate superfluous https traffic if you can.

Network professionals: Block as much UDP at the firewall as you can.

Read on for more. Read more

Web browser plugins you need to uninstall now–even if you have a Mac

I’ve been seeing a lot of news this week about web browser plugins getting exploited to plant malware on computer systems. A lot of people know to keep Flash up to date, and to keep Java up to date or uninstall it–at least I hope so by now–but there are two targets that people generally forget about: Shockwave and Silverlight.

Because so many people have them installed and don’t know it, and therefore never update them, they are ripe targets for attack. Read more

How to patch less

One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?”

The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you can mitigate, but there’s no longer any such thing as a completely friendly network. The reasoning that you’re behind a firewall doesn’t work anymore. On corporate networks, there’s always something hostile roaming around behind the firewall, and you have to protect against it. If you’re on a home network with just a computer and a router, your computer and router attack each other from time to time. That’s the hostile world we live in right now. Patching is one of the fundamental things you have to do to keep those attacks from being successful.

That said, there are things you can do to patch less. Read more

Upgrading a D-Link DIR-615 to DD-WRT

Last year I bought my mother in law a D-Link router, an oddball DIR-615 revision E1 that was only sold at a few stores. It was supposed to be a Fry’s exclusive, but I bought hers at Micro Center. It worked for a while, then gave her trouble, so this year I was working with it again, and when I was setting it up, I noticed it had some security vulnerabilities–remote code execution, UPnP vulnerabilities, and who knows what else.  So that got me some practice upgrading a D-Link DIR-615 to DD-WRT.

DD-WRT’s track record and attitude towards security research could be better, but I’d rather trust my mother in law to DD-WRT’s B+ security than D-Link’s F.

Read more

Speed up Android with these six tips

Speed up Android with these six tips

I’ve talked before about how to disable animation in Cyanogenmod 10.x, but I’ve done a few other things to conserve some scarce system resources on my gigahertz-ish, half-gig Nook Color. If you’re running Cyanogenmod on a phone that’s a couple of years old, these tricks can help you too. Here are some tricks to speed up Android. Read more

EMET protects against what your antivirus cannot–and it’s free

A few years ago, Microsoft quietly released a security tool called EMET–the Enhanced Mitigation Experience Toolkit. EMET is now in version 4.0, and it’s probably the best security tool you’ve never heard of. And that’s a real shame.

Modern versions of Windows and modern CPUs include several security-enhancing technologies that aren’t necessarily switched on by default. EMET is a wrapper that forces software to use these technologies, even if they weren’t designed from the get-go to use them. The idea, then, is that if a badly behaving data file tries to exploit a traditional vulnerability in one of these programs, EMET steps in and shuts it down. A real-world example would be if you visit a web page that’s playing a malicious Flash video, or that contains a malicious Acrobat PDF. The malicious data loads, starts to execute, and the minute it misbehaves, EMET slams the browser tab shut. You won’t know right away what happened, but your computer didn’t get infected, either. Read more