Category Archives: internet

disable flash and silverlight for safer surfing

Flash, Silverlight and (*gasp*) QuickTime plugins in your browser with the modern web are about as necessary as a horse whip is on a Tesla. Well I might be exaggerating a bit. There are still some useful sites out there that actually use these things. Intranet sites that run on IE only for example, or flaky game sites. But any self-respecting web developer has long ditched them in favor of fancy new HTML5 features.

So why would you still run these things in your favorite browser (Firefox, right?), where they only take up extra memory and have a bunch of security problems that might end up causing you trouble? There have been enough exploits for the Flash plugin out there that you should be sure to actually update those plugins every time they ask for it. Which is about every week, if I recall correctly.

Anyway, it’s better to turn those damn things off completely and only turn them on when you hit one of those web sites maintained by a dinosaur. That way you’re stopping that evil hacker from taking over your machine with his Flash exploit and you’re gaining some free performance along the way.

In Firefox you can turn those plugins off in your Tools menu, under Add-ons. Just select “Never activate” and you’ll be fine.
Switch it back to “Ask to Activate” if you need them again. That way they’ll never activate by accident either, if you forget to turn it back off.
On Chrome it’s a bit more elaborate, but the option “Let me choose when to run plugin content” sounds like a safe bet instead of having plugin code be run willy-nilly.
IE? Ha! Who cares right?! For anything else, a properly aimed search query should find you the answer in no time.

Oh, and don’t forget to tweak your Flash security settings if you decide to keep it on after all.

The Firefox add-in screen with all plugins disabled. Just like it should be.

join the EFF summer security reboot and get some cool dice

The Electronic Frontier Foundation is at the forefront when it comes to defending our digital rights. Even as a European I think they are doing important work, even though they are mostly US centric. This is because whatever happens in the US ripples over the pond and affects Europe and the rest of the world anyway. That means that, next to larger fast-food portions, increased digital surveillance is on its way to the EU as well.
Next to protecting our digital rights they are the authors of a number of awesome security plugins and tools like the HTTPS Everywhere and Privacy Badger browser plugins, and a driving force behind the Let’s Encrypt free web site certificate tool set.

Next to a lot of security tools and tips (see the site & newsletter) they now have a Summer Security Reboot fund drive where you can get a cool geeky secure-password generating dice set for a mere $20 membership until the 20th of July.

So if you like what they are doing for a secure and free internet in the future, go check them out and get yourself some cool dice in the process.

If you feel more like donating to an EU-centric counterpart of EFF, you can check out EDRI.org instead (no dice there though).

Photo by Violet Blue, cc-licensed.

disable javascript in firefox without plugins

This is one for the “it’s easy once you know” category.
In recent versions of Firefox the option to turn off JavaScript had apparently disappeared from the options. Recently I found out where those sneaky Mozilla devs have hidden this handy feature.

In the Firefox menu, go to Tools > Web Developer > Toggle Tools, or use the CTRL-I shortcut key to activate the developer tools side-panel. Once active you see one of those typical cog-wheel icons in the upper right corner showing the settings when you click it.
In those settings, scroll down to the Advanced Settings and flick the “Disable Javascript” check-box. Voila. JS is now disabled for your debugging purposes.

The “Disable Cache” option right above it is also a handy one if you are working on a page. It beats having to hit CTRL-F5 all the time anyway.

The disable JavaScript option in the developer tools settings.

If you want an easier way to control this, store settings per site and things like that, you’re better off installing the NoScript plugin. There’s a reason this option is hidden in the developer tools after all.

reset the net

It’s on!

If you want to kick some NSA buttocks and claim your privacy then get yourself this reset the net pack and install some super-duper encryption for your PC, Mac and phone(s).

There ain’t that much on there really, but if you scroll down to the Other Resources section there’s links there like the Prism Break one I mentioned before, which contain tons of (more techy) tools and software for all your stealthy encryption needs.

Photo by Sven Seiler, cc-licensed.

what drains your battery faster? 3G or WIFI?

So what drains your smartphone’s battery more you think? Using a local WIFI network or the 3G cell network to download stuff from the internet? I Googled it but I didn’t find any solid hardcore scientifically based evidence. Time for a small home-grown scientific experiment then!

So here it is *drumroll*, the WIFI vs 3G battery drainage challenge!

I fired up the Grooveshark html5 app (which is quite nice actually) to non-stop stream music for 20 minutes and checked the battery usage when repeating this for both types of networks. In the meanwhile I was keeping anything else down to a minimum (like activating the screen which is also a juice sucker). Checking the battery usage means simply writing down the percentage displayed in the top Android menu bar before and after the test, so it’s not that precise, but it’ll do.

The results after 20 minutes of non-stop music streaming were:

  • WIFI battery usage : 2% drained
  • 3G battery usage : 5% drained

WIFI beats 3G, using less than half as much battery in this (not so accurate) test. Rough as it is, it still gives a pretty clear idea of the winner here. So roughly speaking, on 3G you have about 6 hours of music to go and a whopping 16 hours on WIFI before your battery is dead, if you have a Sony Xperia. Taking mobile data costs into account, WIFI certainly seems to be the preferred option to stream anything over.

Heck, I’ll even throw in some pixelarty kinda infographic, to make all the numbers just look a bit more pleasing.

wifi vs 3g battery usage duke-out infographic (sort of)

time to change some passwords

So you’ve probably heard of that nasty Heartbleed bug this week. If you’re still using the same password all over the place you can now see why that’s a bad idea. If you don’t want to get your accounts hacked, now is a good time to start using KeePass and have random, hard-to-hack passwords for your non-essential accounts, and hard-to-crack ones for the ones you need access to without any additional software.

Also, two factor authentication baby. Use it.

Picture by Baie, cc-licensed.

how to secure your wordpress blog

WordPress is popular and as it goes with all kinds of popular software, it becomes a target for hackers trying to take over and use your site to send spam into the world, or just cause some other kind of mayhem.

To protect yourself from this kind of trouble, there are a few things you can do to prevent bad things from happening to your precious WordPress site.

  1. First of all, keep your WP software up-to-date. There are usually some security fixes in there and you do want to have those live on your public facing site. Hackers know what the vulnerabilities are in old WP versions and scan the internet automatically for unpatched sites. Don’t become an easy target by not having the latest version of WP installed. The latest version of WP (v3.7.1) is able to do security updates itself which is awesome. Be sure to check if your site supports this and activate it if it does.
  2. Keep your plugins up-to-date as well for the very same reason. Old plugins can offer a way in for hackers and we don’t want that to happen.
  3. Delete (old) plugins you don’t use anymore, or replace them with newer ones. JetPack has a lot on board out of the box now so you can probably ditch a few old plugins. The fewer plugins you have, the fewer possible vulnerabilities your site has.
  4. Take regular backups. In case something goes wrong, you can at least restore a version you know isn’t compromised.
  5. Harden your WP site by configuring your .htaccess file if your site runs on an Apache web server. It’s explained nicely how to do that in the link. It can prevent hackers that do get access through a bad plugin from doing any more damage to the rest of your site.
  6. Use a long, hard to guess and preferably random password for your admin account. Using a different admin user is also a good idea. Brute force login attempts are made against the default “admin” user, so if that one has a long random password you’re pretty safe there. You can use something easier to remember for an alternative admin account if you want, but I recommend using something like KeePass to manage long & unguessable passwords anyway.

Here are some plugins that can help with these tips:

  • WordFence scans your site for possible vulnerabilities by checking your installed WP and plugin files with the ones from the official releases. It also helps with the first 2 tips by warning you by email if a plugin or WP itself needs an update. Quite handy.
  • WP security audit log won’t prevent anything, but it keeps track of logins, updates of plugins etc, so that if something weird happens, you can use it to figure out the “when” and “what”.
  • A backup plugin. There are plenty and you should pick one that fits your needs. I use BackUpWordPress for a DB backup only, but it can also back up the files. It sends you an email with either the zipped backup or a link to download it if it’s too big to stuff in the email. Your hoster might also have a full backup feature, which is usually the best option anyway as it will back up more than just your WP site.
  • BruteProtect protects (as it says) against brute force login attempts, a problem a lot of WP blogs had to deal with lately. Next to that you should of course make sure you have a complex password for your admin account.
  • Bad Behavior is mainly a tool to combat spam, but since it scans for incoming malicious requests it can also block the occasional bot looking for vulnerable sites.