Qualys Blog Post Response

Nov 27th, 2013
This is an addendum to a Qualys blog post[1] about securing your browser. Checking browser plugins is a good idea (Mozilla has their own webpage that does that for you [2]), but I don't think it's sufficient to call your browser "secure" ;)

First, get the HTTPS Everywhere extension for Firefox and/or Chrome. No browser is complete without it :D
-> https://www.eff.org/https-everywhere
This will rewrite unsafe HTTP links to HTTPS if the website supports SSL/TLS. This means your communications will be encrypted in your browser and decrypted on the web server. (Communications such as your credit card data!)

Second, install NoScript!
-> https://addons.mozilla.org/en-US/firefox/addon/noscript/
NoScript will let you selectively enable/disable JavaScript on domains you trust/distrust and generally make life more difficult for people who might want to attack your browser. :D

Third, get AdBlock Edge!
-> https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/
If you have Adblock Plus, uninstall it and replace it with ABE. ABE stops all ads, whereas ABP only stops "unacceptable" ones. Because advertisers are often allowed to load third-party JavaScript onto otherwise-secure pages, they're an attractive option for someone who wants to infect your computer with malware. Also, ads are annoying.

Fourth, get Disconnect!
-> https://disconnect.me/
Disconnect makes it harder for companies to spy on your online behavior from one website to another. I highly recommend it.

And finally, get RequestPolicy.
-> https://www.requestpolicy.com/
RequestPolicy allows you to enable/disable third-party requests (images, videos, iframes, JavaScript, etc.) and generally complements the security offered by the above addons.

There, now your browser is "secure". Next you should focus on securing your network and maybe using a VPN over Tor purchased with Bitcoins just to be safe? ;D

Other URLs referenced in this pastebin:
[1] - https://community.qualys.com/blogs/laws-of-vulnerabilities/2013/11/27/secure-your-browser-before-shopping-online
[2] - https://www.mozilla.org/en-US/plugincheck/
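
A simplified model of the HTTP-to-HTTPS rewriting described in the HTTPS Everywhere step above, added here as an illustration; it is not from the paste or from the extension's own code, and the rulesets and `.example` hosts are constructed. It shows that the upgrade is driven by per-site rules, so a site with no matching rule (or an excluded URL) is still requested over plain HTTP.

```javascript
// Added example: simplified model of rule-driven HTTP -> HTTPS upgrading.
// All rulesets and hosts are constructed for illustration.
const RULESETS = [
  {
    name: "Example Shop",
    targets: ["shop.example", "*.shop.example"],
    // URLs known to break over TLS are left alone.
    exclusions: [/^http:\/\/static\.shop\.example\/legacy\//],
    rules: [{ from: /^http:/, to: "https:" }],
  },
  {
    name: "Example Bank",
    targets: ["bank.example"],
    exclusions: [],
    // Upgrade and move to the www host in one step.
    rules: [{ from: /^http:\/\/bank\.example\//, to: "https://www.bank.example/" }],
  },
];

// Match a hostname against a target; a leading "*." covers subdomains only.
function hostMatches(host, target) {
  if (!target.startsWith("*.")) return host === target;
  const suffix = target.slice(1); // ".shop.example"
  return host.length > suffix.length && host.endsWith(suffix);
}

// Return the URL to request plus why it was or was not upgraded.
function upgradeUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, upgraded: false, reason: "unparseable" };
  }
  if (url.protocol !== "http:") return { url: rawUrl, upgraded: false, reason: "not-http" };
  for (const rs of RULESETS) {
    if (!rs.targets.some((t) => hostMatches(url.hostname, t))) continue;
    if (rs.exclusions.some((re) => re.test(url.href))) {
      return { url: rawUrl, upgraded: false, reason: "excluded" };
    }
    for (const rule of rs.rules) {
      if (rule.from.test(url.href)) {
        return { url: url.href.replace(rule.from, rule.to), upgraded: true, reason: rs.name };
      }
    }
  }
  return { url: rawUrl, upgraded: false, reason: "no-ruleset" };
}
```

Any result with `upgraded: false` and a reason other than `not-http` is a request that would still cross the network in cleartext.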