Category Archives: Security

Lock Down Firefox, With Public Fox Extension

Another problem solved

Something  plaguing us here on the farm has been  our adult autistic son installing Windows software to his Linux computer.

Because he is so skilled in the original Windows Paint software, we have WINE installed on his Linux Mint computers so he can run Paint. The trouble with this arrangement is that even though he only has user access to his Linux desktop, he can still install Windows software under WINE.

No amount of research, permission changes etcetera on may part could prevent this from happening. I was constantly going in at night and uninstalling things like YouTube downloaders, questionable tool bars full of malware and other nonsense. My son was also installing about every Firefox extension he stumbled upon. There were 20 different video downloaders alone, and dozens of other  bits and bobs.

Then this week, I stumbled upon Public Fox

Lock down Firefox with this great tool!

Lock down Firefox with this great tool!

This Firefox add on, allows you to really lock down Firefox. Locking users out of the ability to add or change other Firefox add ons,  locking out the about:cong, history saving, and most all the other Firefox preferences!

Best of all, this add on will allow you to block the downloading of any file type you wish, simply by entering the banned extension!

Files ending in .zip  .exe  .com  .bat  .pdf  now all blocked from even being downloaded. He can’t install a Windows program, if he can’t download it!

Further, you can specify web sites that you wish to block. Yes, I block many sites in my router, but my crafty son figured out that he could go to the secure version of a site and bypass the router’s ability to block it!  This has been a real problem lately, as he’d do a web search for a favorite cartoon character, and end up on a secure porn site that my router couldn’t block.

Using the features in Public Fox, I can block for instance, all .xxx sites, all sites with certain key words, along with my extensive list of sites I’ve compiled that I don’t want him on.

Installation is as easy as other add ons. Just search for it by name, install it, then click on Preferences and set it how you want it.

Preferences

Preferences

Then set the password for Public Fox. This way any changes to Firefox preferences and add ons will be locked tight!

Edit:

There are some reviews that state that this extension no longer works in Firefox. Further that it is serving up adds on its own. All I can say, is that running under Linux, using Firefox version 49, it seems to do exactly what it is supposed to do, and I am not getting any adds from it, though one of my other extensions is AdBlock Plus.

 

Oops, That Kernel Didn’t Work!

Being security conscious, I try to keep everything up to date. This includes the Linux kernel that is the heart of our systems.

In keeping with that, a few weeks ago I changed all of my Mint 17.3 machines to the kernel recommended in the kernel chooser.

Kernel chooser

Kernel chooser

As you can see above, I’m running the kernel recommended by Linux Mint. This went well for all but one of my machines. My bedside, 4 processor, 8 gigs of RAM machine seemed to run fine for a week or so, but I found that when running certain software packages; the computer would completely freeze. Anything to do with video or graphics would freeze at random times with no warning.

Scouring the logs was pointless, as the freeze happened before anything was logged.

At first I blamed a new wireless keyboard / mouse combo that was purchased at the same time. Putting a USB set back in, proved the wireless was not the cause.

Searching the Mint and other forums showed that many people were having the same problem I was. A combination of the processor type and graphics card seemd to be to blame.

By this time I had already removed the previous kernel, so it was time to put it back!

Open your Update Manager, click on View, and then select Linux kernels

In my case, I re-installed the 3.13 kernel that had been working flawlessly before. Of course if there are notes about security issues or regressions that could impact your system, then chose another.

Installing a different kernel

Installing a different kernel

Next you need to edit the GRUB config file, as I was booting quietly, not displaying the boot menu. To do that, simply drop to a terminal and edit it with your favorite text editor. I use medit

$ sudo medit /etc/default/grub

will open your text editor in super user mode.

Edit grub

Edit grub

Editing Grub

Editing Grub

You’ll see in the above example, I’ve commented out, using the # symbol, to have the boot process ignore the two commands at lines 7 and 8. Doing this, will now let me see the grub boot menu at startup. Save and close the file, and then, it’s very important that you tell grub that you’ve changed it. Do this by issuing the command:

$ sudo update-grub

Now it’s time to reboot. When you do, at the grub boot window, arrow down to Select previous Linux version, and select that.

Once you’ve booted up, and after you are satisfied that there are no issues with the new kernel, you can then go back into the update manager and un-install the previous kernel that was giving you fits.

Note: After much experimenting, I was able to upgrade to kernel 3.16, and maintain a stable machine!

 

Security: Watch What Your Kids Do Online!

If you have kids at home using the web, it’s important that you know what they are doing! One of the easiest ways to do that is to actually look at their screen.

Youngsters really should not be using the net in their own room, but rather in a central location in the house so you can keep an eye on them. But if they are using a laptop or desktop in their own room, it’s important to keep an eye on what they do. While my remaining child at home is 28, he is also profoundly autistic, functioning on the lever of a 4 year old. Here’s how I keep track of his net usage:

First, I use VNC. He is using a Dell laptop running Linux Mint 17. Running on Mint of course is the VNC server called vino-server.

Looking at the following screen grab, you can see the desktop sharing dialogue.

Vino setup

Vino setup

In the final section of the setup screen, you want to change the selection from where you see it, to Never. This will prevent the computer running the vino server from alerting the user that it is being connected to.

As you already know I’m sure, this lets me peek in and see what he’s looking at, and if it’s something he should not be looking at, I can block the site in my router.

VNC image

VNC image

In the example above, he was watching a Little Mermaid cartoon on Youtube while drawing one of his cartoons. *(He loves drawing cartoon characters sitting on the potty, I don’t know why!)

Other things you should do to protect your youngster include:

  • Using Opendns.org for their wonderful parental controls. They do a good job at blocking all the porn out there.
  • Use your routers built in filtering system. Block by keyword or specific URL to prevent your offspring from accessing them. *(keep in mind that if the site has a security certificate, then this can be bypassed by a clever kid, hence looking in on them from time to time!
  • Watch your router logs. My router logs tell me every site that has been visited for the last hour. It can be tedious, but checking the logs for sites you don’t want your kids going to.
  • Talk to your kids! Let them know what your expectations are where their network use concerned.

Dumping Flash – Bravo To Firefox!

Having lots of time just laying in bed the last month, I’ve used that time to rewrite my 7 web sites to get rid of Flash.

Probably the most hated piece of software on the planet, having major browsers finally block Flash is a huge step to making it all go away. With the new HTML5 video standards so well supported, I found it time to dump all my Flash content.

Fortunately, I don’t use any Flash elements in my web pages themselves, and I really hope that companies remove that type of content. What I do have over my many sites, are tons of video clips.

Using Handbrake I was able to convert about 150 Flash videos over to .mp4,, which will play natively in any modern browser. Of course converting and reuploading all the videos was the easy part. The most time was spent changing all the web pages themselves to remove the Flash commands and  replacing them with the video tag as shown here:

<video width=”900″ height=”506″ controls>
<source src=”movie56.mp4″ type=”video/mp4″>
Your browser does not support the video tag.
</video>

That’s how easy it is to embed a video in a web page now!

Video, tells the browser a movie is on the way. Of course the width and height tell the browser what size to display it, and controls, tells the browser to turn on the playback and volume controls. Next, you define the source and type of video to expect. In my case, mp4.

For a full list of available options with the Video tag: CLICK HERE

Some web sites like Amazon, use Flash for web site display elements, but thankfully, not having Flash turned on, the site still functions just fine. Other sites, if Flash is off, forget even displaying it all all. Fine, I’ll skip that site until they rewrite it!

So my advice, keep Flash turned off, and tell sites you don’t want it any more!