6 tips to make Firefox as solid as a copper wall!

Source: Internet
Author: User
Article Title: 6 teach you how to build Firefox like a copper wall !. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

The number of Firefox users keeps growing, and those users may worry about security when browsing. The following six browser security settings eliminate all doubts.

1. Modify the user agent

In Firefox, open about:config and add the preference general.useragent.override.

Set it to GoogleBot 1.2 (+http://www.google.com/bot.html)

You can also set it to another value.

When it is set to Googlebot, access to some sites is restricted, such as Yahoo, wiki, and Gmail. You can also use a Firefox plug-in to switch the user agent.

2. Install the security plug-ins

Install NoScript and Firekeeper.

In NoScript, check all of the "forbid" options: Java, Adobe Flash, Silverlight, other plug-ins, and IFRAME.

If you choose to apply these restrictions to trusted sites as well, these settings do not affect your use.

3. Install Tor and Torbutton

Use Tor to browse untrusted websites, but do not use Tor for e-mail or anything similar. The FBI and tianchao have both set up a lot of exit nodes that can sniff traffic.

4. Cancel file associations

By default, files in wma, avi, and swf formats can be opened and played automatically. This is dangerous. On the one hand, these objects can be used to determine the operating system version. In addition, a Windows Media Player overflow may also affect Firefox.

In the file type settings, set the action for every file type to save to the local disk. If you want to view flash, No matter flash.

5. XSS/CSRF protection

NoScript and Firekeeper should already do well at cross-site defense, but set the following as well, just in case.

Enable "Clear my data when I quit Firefox".

With this setting, Firefox cookies are cleared every time you exit. If someone later sends you a URL and asks you to click it, it will not be able to steal cookies or anything else.

6. Prevent other exploit attacks and catch 0-day attacks

The above settings are safe, but not enough! Firekeeper can help.

The following is a Firekeeper rule.

alert(body_content:"anih|24 00 00 00|"; body_re:"/^RIFF.*anih$.*anih(?!$)/S"; msg:"possible ms ani exploit"; reference:url,http://www.determina.com/security.research/vulnerabilities/ani-header.html;)

Similarly, a rule can check whether a jpg or gif contains its unique file header, which tells you whether the image is genuine. However, an image that triggers an overflow still has a file header. This can also be disabled, but that does not make sense for a browser.

So I gave Firekeeper some keywords:

unescape

eval

0x0A0A0A0A

0x0d0d0d0d

0x0c0c0c0c

payload

5 %u in a row

5 &# in a row

......

In this way, we can not only defend against the attack, but with some luck we may also catch a 0-day.
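The keyword list above can be tried offline as a small body scanner. This is an added example in Python, not Firekeeper rule syntax and not code from the original article; the pattern names, the two-indicator threshold, and the sample bodies are assumptions made for illustration.

```python
import re

# Patterns derived from the keyword list above. The names, the scoring and
# the two-hit threshold are assumptions of this example, not Firekeeper's.
HEURISTICS = {
    "unescape": re.compile(r"\bunescape\b", re.I),
    "eval": re.compile(r"\beval\b", re.I),
    "spray-address": re.compile(r"0x(?:0a0a0a0a|0c0c0c0c|0d0d0d0d)", re.I),
    "payload": re.compile(r"payload", re.I),
    "5x %u": re.compile(r"(?:%u[0-9a-f]{4}){5}", re.I),
    "5x &#": re.compile(r"(?:&#x?[0-9a-f]+;){5}", re.I),
}
ALERT_THRESHOLD = 2  # distinct heuristics needed before alerting


def scan_body(body: str) -> list[str]:
    """Return the names of all heuristics that match the response body."""
    return [name for name, rx in HEURISTICS.items() if rx.search(body)]


def should_alert(body: str) -> bool:
    """Alert only when several independent indicators appear together."""
    return len(scan_body(body)) >= ALERT_THRESHOLD


# Constructed sample inputs (not captured traffic).
BENIGN = "<p>The API returns a JSON payload with the user's profile.</p>"
SUSPICIOUS = (
    "<script>var block = unescape('%u4141%u4141%u4141%u4141%u4141%u4141');"
    "var target = 0x0c0c0c0c; eval(block);</script>"
)
ENTITY_RUN = "<p>&#104;&#101;&#108;&#108;&#111;&#33;</p>"

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("suspicious", SUSPICIOUS),
                        ("entity run", ENTITY_RUN)]:
        print(f"{label:11} hits={scan_body(body)} alert={should_alert(body)}")
```

Single keywords such as payload or a run of character entities also occur on ordinary pages, which is why the sketch alerts only when two or more indicators appear in the same body.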


 
