How will you stay safe when surfing the web this new year? We'd like to offer some tips. Security takes up a large part of our work in building a website for the DOD. As we try to keep current on new web attacks, we often find vulnerabilities that cannot easily be fixed. It seems to take years for websites to address the problems. For example, session side-jacking (stealing a logged-in user's session cookie off an unencrypted connection) has been around for years. But it wasn't until Firesheep made the vulnerability so easy to exploit that major websites like Hotmail and Facebook started to address it (Facebook still hasn't fixed the problem, but they say they are working on it).

We don't have to wait years for websites and browsers to address these new attacks. To protect ourselves, we use Firefox or Chrome with an arsenal of proactive plugins. Here is a collection of our favorite Firefox add-ons that help us use the web more safely. These are what we recommend to our friends and family. Here is a list, in order, of the most protective add-ons for Firefox and why:

NoScript – turns JavaScript, Java, and Flash on and off per website. You can turn these features on only for sites you trust, which makes you consciously think about which pages you trust. WARNING: This is intrusive and will probably break some websites the first time you visit them. But it is worth the time to learn how to use it. Here is a quick video describing how to use it.
RequestPolicy – keeps websites contained to their own domain, so a page on one site cannot silently fire requests at another, helping prevent cross-site attacks, specifically Cross-Site Request Forgery (CSRF). Here is a CSRF attack scenario: Suppose you are logged into your bank, […]
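RequestPolicy blocks cross-site requests in the browser, but the same check belongs on the server too, where it protects every visitor rather than only those who installed the add-on. The following is an added illustration, not code from the original post or from the RequestPolicy project: a small Python request validator that applies the two standard server-side CSRF defenses, an Origin/Referer check and a per-session synchronizer token. The site origin `https://bank.example`, the secret, and the sample requests are all constructed for the demonstration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for the demonstration; a real deployment would load
# the secret from configuration and the origin from the site's settings.
SITE_ORIGIN = "https://bank.example"
SESSION_SECRET = b"constructed-demo-secret-do-not-reuse"


def csrf_token_for(session_id):
    """Derive the synchronizer token bound to one session (HMAC of the id)."""
    return hmac.new(SESSION_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url):
    """Reduce a URL or Origin header value to scheme://host[:port]."""
    parts = urlsplit(url)
    return "{}://{}".format(parts.scheme, parts.netloc).lower()


def is_allowed(request):
    """Decide whether a request may change server-side state.

    `request` is a plain dict with 'method', 'headers', 'cookies' and 'form'
    keys (a stand-in for a real framework's request object). Returns
    (allowed, reason) so callers can log why a request was rejected.
    """
    if request["method"].upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method, no state change"

    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session cookie"

    headers = {k.lower(): v for k, v in request["headers"].items()}
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return False, "no Origin or Referer header"
    if origin_of(source) != SITE_ORIGIN:
        # A forged request from another site is what RequestPolicy blocks
        # client-side; the server rejects it regardless of the browser.
        return False, "cross-site request from " + origin_of(source)

    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(session_id)):
        return False, "missing or invalid CSRF token"
    return True, "same-origin request with valid token"


# Constructed sample requests: a legitimate transfer form submission,
# the same submission forged from another site, and a same-origin
# submission that forgot the token.
LEGIT_TRANSFER = {
    "method": "POST",
    "headers": {"Origin": "https://bank.example"},
    "cookies": {"session": "s1"},
    "form": {"to": "acct-42", "amount": "100", "csrf_token": csrf_token_for("s1")},
}
FORGED_TRANSFER = {
    "method": "POST",
    "headers": {"Origin": "https://evil.example"},
    "cookies": {"session": "s1"},  # browser attaches the bank cookie automatically
    "form": {"to": "acct-99", "amount": "100"},
}
MISSING_TOKEN = {
    "method": "POST",
    "headers": {"Referer": "https://bank.example/transfer"},
    "cookies": {"session": "s1"},
    "form": {"to": "acct-42", "amount": "100"},
}

if __name__ == "__main__":
    for name, req in (("legit", LEGIT_TRANSFER), ("forged", FORGED_TRANSFER),
                      ("no-token", MISSING_TOKEN)):
        print(name, is_allowed(req))
```

The origin check alone would already reject the forged request, because the cookie the browser attaches automatically does not change the Origin the browser reports; the token check covers the cases where the Origin and Referer headers are absent or stripped by a privacy proxy.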