Improve your lame security part 1: Browsers

Padlock on keyboardI’ve had enough, I’m tired of reading people’s nonsense about how they got “hacked” so they had to switch their Facebook account or Skype or whatever. As a person involved in the IT area I feel it like an obligation to give some directions to people who probably take their first steps in working with new technologies or are just not so interested. I will start a small series of articles focusing on some common mistakes users make that expose their privacy to a risk.

First thing to say:

“It’s not the 80’s, nobody says “hack” anymore”

This was a line from the last Iron Man movie and it’s true. Face real life, no one really cares about your Facebook pictures or messages or whatever except your ex or probably some other dumb f**k. People don’t use rocket science “hacking” tools to break into your privacy, and hackers are not programmers nor mad geniuses, normally they are just script kiddies that know how to use some system’s weak sides against its users OR someones dummy-ness against him.  In fact the so called “hackers” infiltrate in your account through the front door, using your own key, called “password”. Here’s one common case of hacking yourself by not knowing.

Not knowing your browser.

This is a serious issue, browsers have default settings to remember history and passwords, you may say this is convenient but in fact it’s a curse. I will give example for two popular browsers – Chrome and Mozilla Firefox. If you have one of these and you saved some passwords, try this:

Chrome:

Write down the following in your address bar: chrome://settings/passwords. The result – a page showing your account and password, highlight it, click “Show” and there is your pass as it is. See, no rocket science involved.

Password in chrome

Mozilla:

They even have a menu item for it, so it’s even easier, just go to “Options” > “Security” > “Saved passwords”.

What this means is, anyone with physical or remote access to your PC could pretty easy find your passwords, and it’s not a hack, it’s part of the browsers features.

Conclusion.

Browsers have a set of malicious default settings that you might want to review to improve your security:

  • Saving browsing history, passwords, location and so on – you really don’t need this, they don’t improve your experience in any manner.
  • If you use a PC occasionally and it’s not your own, make sure that if you log in anywhere you use private browsing session – this is easily set – Ctrl + Shift + N for Chrome and Ctrl + Shift + P for Firefox. Private browsing session means, no data will be saved locally on the PC, once your session is closed, and this is not depending on current browser settings.
  • If you want to save passwords there is a lot of good tools, that store them in a hashed database on your PC and pass protect them. One awesome open source tool for this is http://keepass.info/
  • And of course, don’t let strangers poke your PC physically, otherwise you’re just asking for it.

Well I hope this will light up the dark at least a little bit. Check out some more security tips in the next part.