Free Help from Tech Experts

Geeks To Go is a helpful hub, where thousands of volunteers serve up answers and support. Check out the forums and get free advice from the experts, including malware removal and how-to guides and tutorials. Converse about Windows 10, get system building advice or download files... Go to forums >>

Archive for Browser

Heartbleed–Things you should know and what you can do about it

 

What Is It?

By now I’m certain you’ve heard of the Heartbleed bug. If you haven’t, then you should know that it is a flaw found in one of the most common open source SSL implementations on the internet that COULD allow an attacker to get sensitive information from the web server. A successful attack could expose the server’s SSL private keys that would allow the attacker to decrypt the data traveling to the site, such as usernames and passwords.

As of now there have been no confirmed attacks using this bug, but an exploit of the bug is completely untraceable so there’s no way to be certain if a site has been targeted.

Places to learn more:
General information
LastPass and the Heartbleed Bug
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare

How can you tell if a site is affected?

First, you need to figure out how vulnerable your data might be. There are several  lists of vulnerable sites that you can manually search through and several online tools that can be used to check specific sites (lastpass and SSL Labs have two particularly useful tools, linked below). There is a Chrome extension that can help identify vulnerable sites as you visit them. The folks at www.Mashable.com have a “hit list” of sorts that lists several sites that they have had direct communication with and recommendations as to what you should do to protect yourself on those sites.

Since Google’s Android operating system is built on open source principles, it is heavily integrated with OpenSSL so any Android device may be vulnerable to this bug as well. Lookout Security has developed a tool to check your device for vulnerability (linked below). If your device is vulnerable you will have to wait for an update for the device.

How can you protect yourself now and in the future?

Once you’ve identified what sites you’ve used that contain sensitive information, you need to change your passwords. You should make sure that they have patched their systems before you change your password for good but many experts are saying that you should change the passwords now just to be sure that any data captured in the last 2 years is safe.

Many systems online were not affected at all because they run on server platforms that don’t use OpenSSL (like Microsoft IIS). These sites have not been compromised by this bug and you should make your own judgment as to whether or not you should change your passwords. If you have used the same username and password combination on an unaffected site as you have on an affected site, you should change your password on both, and make sure they’re different this time.

If you have two factor authentication in place (which you should on any service that supports it) you are at an advantage since even if someone has your username and password they don’t have your second authentication method (typically an app or a text to your mobile phone). You should probably still consider changing your passwords on these sites to be safe.

If you use a password manager (like LastPass or Keepass) then you should most likely regenerate new passwords for your important sites. If you’re using LastPass, they have updated their app to include a tool that will automatically alert you of the Heartbleed status of any sites that you have saved or generated passwords for and give you suggestions as to when you should change their respective passwords.

You should never use the same logon and password for two important sites (like your banking site and your email). If you are using the same information on multiple sites that are important to you, you should change them now so that they are different.

The best thing you can do is not panic and stay aware of the current status of this bug. Keep checking the status of your frequently visited SSL enabled websites and if any of your important sites aren’t patching their systems, find a different company to do business with.

How to Disable Java in your Web Browser

Recently a “zero-day” exploit was discovered in Java. Oracle typically follows a quarterly patch cycle meaning a patch may not be available until mid-October. 3rd party applications like Java are frequently exploited, and it’s a good idea to unplug it from your browser. This will prevent infection from this and future exploits.

To disable Java in Chrome:

Type chrome://plugins/ into the address bar. Scroll down to Java and click Disable.

chrome-java

To disable Java in Firefox:

  1. Click the Firefox button.
  2. Click Add-ons.
  3. On the left menu click Plugins
  4. Click the Disable buttons next to Java Deployment Toolkit and Java™ Platform

Read the rest of this entry »

IE9 – The Beauty of the Web

Internet Explorer 9On September 15 2010, Microsoft announced a public beta version of their web browser Internet Explorer (IE). Microsoft claims that this new version, IE9, is going to be a more secure, stable and faster browsing experience. Being a little skeptical toward Internet Explorer, I wanted to see this for myself, so I set out to get my copy of IE9 over at The Beauty of the Web.

Quoting The Beauty of the Web;

“As amazing as the web is, its potential is immeasurably greater. Internet Explorer 9 was designed to let that potential shine through. Click below to see how developers and designers are creating a more beautiful web using HTML5 and advancements in Internet Explorer 9.”

I myself am a big fan of Google Chrome. I love the speed it offers and the minimalistic UI it offers, therefore I won’t only be comparing IE9 to IE8, but I will also write about my experience in the difference between the two different browsers. Now I am just hoping that Internet Explorer can live up to the expectations I have as a frequent web user.

Read the rest of this entry »

Get Rid of All of Your Bookmarks!

Quix is a nifty new application that allows you to create an all-in-one solution for bookmarklets and bookmarks, as well as an easy way to shorten links and post to multiple locations, all from any browser. Use Quix to free up a large portion of your bookmark toolbar real estate! It is an extensible bookmark in and of itself, allowing you to access all of your bookmarks – no matter which browser you happen to be using! It maintains all of the necessary shortcuts in one tiny space.

Read the rest of this entry »

Firefox Mobile to Launch Soon

Finally, the browser that holds about a 25% share of the market is ready to launch their mobile version. This has been a long-anticipated announcement for some die-hard Firefox users. The developers are currently in the final testing phase, and hint that the offering may be released by the end of the year!

Read the rest of this entry »

Google CEO Claims You Shouldn’t be Worried about Privacy

Firefox-logoGoogle CEO Eric Schmidt has set the Internet on fire with his latest speech. During his talk, he touched on privacy concerns of everyday users. Apparently, Google has grown so big that they have forgotten exactly what it was they set out to DO in the first place. Mr. Schmidt claims that only those who have done something wrong – or have something to hide – should ever be concerned about their privacy.

Read the rest of this entry »

Is the Triple Engine Browser Lunascape Right for You?

lunascapeMany people have never even heard of this browser, despite the massive amount of press it received late last year. I randomly asked about 200 people yesterday what their thoughts are on Lunascape 6.0 ORION – their newest beta version. There were only four people who replied that they have ever tried it, and only two of those who currently use it. Both of those people are, not surprisingly, developers.

Lunascape makes use of all three major web rendering engines: Gecko (Firefox), Trident (Internet Explorer) and WebKit (Safari and Chrome). People who use the browser can instantly switch between the three different engine modes by right-clicking a browser tab or by clicking on the engine switch button that you’ll find at the bottom-left of the screen.

Read the rest of this entry »