UPDATE for Wednesday, September 30, 2009:  Firefox 3.5.3 won’t open on XP (even in safe mode.) I uninstalled and reinstalled 3.0.13.  It works on Vista, but crashes with tabs lost at minimum of 3x+ per day.

UPDATE for Sunday, September 13, 2009: upgraded to Firefox 3.5.3 at the end of last week and I am very happy with this upgrade!  No blank pages!

——————————————————————————————————————

While in the midst of an anti-Firefox 3.5.2 rage this morning I unistalled it.  After suffering more than a week of frustration in the form of myriad crash/ burn/freeze sites, constant restarts, thousands of cache refreshes, and clearly a bad attitude (minced quite often with expletive words) – I dumped 3.5.2 and couldn’t be happier!

You can still read some of my 3.5.2 complaints on twitter…

1. teksquisite I’ve been forced to switch to google chrome – though I miss my plugins – I don’t miss #firefox 3.5 aggravation [no refresh] about 14 hours ago from TweetDeck
2. teksquisite It appears that #firefox 3.5 does not play nice with sites that advertise either… about 20 hours ago from TweetDeck
3. teksquisite RT @TechCrunch #Firefox 3.5 Not Playing Nicely With Twitter http://tcrn.ch/6ISr about 20 hours ago from TweetDeck
4. teksquisite I feel like I have been at war with Firefox 3.5.2 for the past week – I’m not giving up! 7 days ago from TweetDeck
5. teksquisite I might have to start a column on 101 ways to kill Firefox… 7 days ago from TweetDeck
6. teksquisite Firefox 3.5.2 = The server at twitter.com is taking too long to respond. 7 days ago from TweetDeck
7. teksquisite I am ever so annoyed with Firefox Browser 3.5.2 – Crash, blank page, crash, blank page CRASH CRASH CRASH 7 days ago from TweetDeck
8. teksquisite RT @TechCrunch I Want To Love Firefox 3.5, But It Keeps Crashing On Me http://tcrn.ch/42FI 8 days ago from web
9. teksquisite If I did not use all these addins I would avoid using Mozilla Firefox Vs 3.5 – I have been direly disappointed. 8 days ago from TweetDeck
10. teksquisite Mozilla Firefox 3.5 crashes (on an average day) aprox. 5-7 x 8 days ago from TweetDeck

After uninstalling Firefox I fidgeted around with a few other browsers.  They all lacked the look and feel that I had grown accustomed to with Firefox. I felt like I had buried an old friend. I’ve been a Firefox fan since Phoenix days, and specifically love Firefox for its flexibility and addin capabilities.  What would I do without Firefox?  How could I browse the Internet without my favorite addins?

Firefox withdrawal began to set in and I wondered “How would I cope?”  Soon I might be turned into a browser-less shell of the Internet surfer that I once was! My brain screamed “I WANT MY FIREFOX BACK!”

I ended up downloading Firefox 3.0.13 but, still had a bit of a caching problem. Deep sigh. I began to wonder if there could have been some corruption with the old profile so I created a new profile and deleted the old one. Viola!  Firefox 3.0.13 is up and running with no caching problems and I have all of my addins reinstalled.  I’m happy now and I am not upgrading Firefox anytime soon…

Until next time – Stay safe online!

If you are new to WordPress and using Microsoft Word as your editor, TinyMCE for WordPress, and Firefox as your browser there are a few steps that you will need to take so  that you do not end up with a messy and annoying front end of garbled and coded text.

This is what the code looks like when you copy and paste formatting directly from Microsoft Word 2007 into the back-end of WordPress using TinyMCE Advanced editor.

Obviously you will not want any of your blog posts to look like this!  There are options in WordPress that will allow you to paste this same text as plain text or to remove the formatting completely.

There is also an excellent WordPress Tutorial over at likoma.com with complete instructions, including a video, that will show you how to clean up Microsoft Word formatting from WordPress.

For the technically savvy daredevils out there you can download the WordPress Word Plug-in and edit the tiny_mce init file.  You can find the instructions on how to accomplish this over at the TinyMCE Forum at moxie.net.

If you don’t want to mess with any of the above solutions, simply paste from Word into Notepad and from Notepad into the WordPress back-end to remove Word formatting.

Until next time – safe surf!

It is time to blow the dust off this blog and get back into updating the Tekblog on a regular basis!  I must confess that I have been ultimately quite lazy since the New Year began.  The move took a huge amount of energy and I am still not completely unpacked.  The storage room has evolved into a catastrophe of endless boxes still covered with tarp…

The first security post of 2009 involves protecting your personal data and how not to become a victim of phishing.   The Canadian Marketing Association defines phishing as “a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.”

It appears that ASProx botnet is squirming around a bit.  Shadowserver Foundation reported on January 29th of this year that ASProx had been phishing again at the UK Alliance and Leicester Commercial Bank.

If you do your banking online it is very important that you verify that you are using the correct website! I have a few suggestions that you can begin utilizing today:

1- Look for the GOLD lock in the lower left or right hand side of your internet browser and make sure that the web address for the bank begins with https://

2- Double-click the GOLD lock and make sure that the site security certificate matches the name that is on the address bar.  If you are not sure what you are looking for check out the TD Banknorth website at https://secure.tdbanknorth.com

The name on the address bar at TD BANKNORTH should be secure.tdbanknorth.com and it will be located right next to the GOLD lock.

3- Use the Firefox web browser and install the ShowIP add-on.  ShowIP will display the sites IP address.  If you are not  familiar with internet addressing then you can peek at this nice little article at Wikipedia.

When I arrive at the https TD Banknorth site the IP address is 12.111.190.163. This is a static IP address. I can verify the IP address by looking up secure.tdbanknorth.com in the WHOIS input box at Samspade.org. The Samspade search will return this value: secure.tdbanknorth.com = [ 12.111.190.163 ]  This is a perfect IP match and I can now safely bank online!

Network Security Journal lists 44 ways to guard against phishing attacks and states  “If you come across a phishing scam, REPORT it at once to the Anti-Phishing Working Group, the U.S. Federal Trade Commission (FTC) and the FBI through the Internet Fraud Complaint Center, both of whom work to shut down phishing sites and catch those responsible.”  Be sure that you close any compromised accounts immediately.

Until next time — safe surfing!

Final Note: Firefox 3 or later contains built-in Phishing and Malware Protection.

Researchers have detected a Trojan horse program that targets only Firefox users. Trojan.PWS.ChromeInject.A places itself in the Firefox plug-ins folder and uses JavaScript to detect when users are visiting specific banking websites; the malware then steals the login credentials and sends them on to a server in Russia. Users’ computers become infected either through drive-by downloading or by being tricked into downloading the malware.

Firefox Users Targeted By Rare Piece of Malware

Firefox plug-in Trojan harvests logins

Firefox Plug-In Harvests Web Passwords

My concern over clickjacking (that I posted late last month on the Tekblog) appears to be resolved for safe surfing in Firefox with the upgrade of a security tool called NoScript with clearclick. BTW, I strongly believe that Firefox is one of the most secure web browsers on the internet today.

Google, IBM Internet Security Services, and the Swiss Federal Institute of Technology conducted a study “Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the “insecurity iceberg.” The study concluded that of the hundreds of millions of users accessing Web browsers worldwide, more than 600 million were at risk of attack for not running the latest, most secure Web browser version as of June 2008.

You should check out US-Cert to read about how you can secure your web browser for safer internet surfing.  Ultimately, we must all remember that we are all responsible for contributing toward a safe internet community.  Just as you would not attempt to drive a car across country with bald tires, you should not attempt to navigate the internet with a bald browser.

I will admit that the NoScript addon can be a real PITA at times because you have to allow or forbid and decide what options will work best with that particular website.

As an example:  Clearclick blocked the home page of Teksquisite.com

scripts-forbidden

Giorgio Maone from hackademix.net states that  “whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised,  NoScript prevents the interaction from completing and reveals you the real thing in “clear”. At that point you can evaluate if the click target was actually the intended one, and decide if keeping it locked or unlock it for free interaction.”

In order to allow all JavaScript menus to operate freely with clearclick I had to allow teksquisite.com

You can get the latest stable version of NoScript 1.8.2.1 here.   Supported browsers: Firefox 1.5.0.6 and above, SeaMonkey 1.0.5 and above, Flock, IceWeasel, and Minefield.  Don’t go on the internet without it!

Happy surfing

Details of Clickjacking Attack Revealed With Online Spying Demo!

“A researcher has “hacked” the mysterious clickjacking attack and today posted a demonstration in his blog on how the Web-borne attack works.”

Update on Clickjacking from Network World on 10-9-2008

“For the moment, there’s little that end users can do to protect themselves and maintain the Internet’s usability, said Hansen. One tactic, only available for Firefox users, is to install the NoScript add-on, he said. “NoScript does a great job of supplementing [Mozilla's] slowness in patching, but it’s not really the best way to protect users,” Hansen said, referring to NoScript’s content blocking, which can render some sites unusable.”

“Finding a solution for clickjacking will be very complicated, which is why we don’t see a quick solution,” Hansen said. “But if we don’t give it the attention it deserves now, it could be used in the future for much more effective targeted attacks.” Robert Hansen, founder and CEO of SecTheory LLC