Some days, it pains me to see how woefully insecure some web browsers are. Every day, it seems that ten new browser-based exploits (or client-side attacks, as my presentation will tell you) are publicly released, and just because you’re on a site that you think is legitimate doesn’t mean that somebody hasn’t compromised it.
For those of you using Internet Explorer (IE), I pity you. IE, still the #1 most commonly used browser in the world, is by far the most attacked of all the major browsers. If you’re smart enough to use another, better browser, then you’re already one step towards protecting yourself. I’m going to assume, though, that you’re using Firefox or one of its derivatives such as Flock, since the plug-in libraries are huge.
1. Use the Web of Trust
My Web of Trust (MyWOT) is a plugin for Firefox that warns you about potentially risky sites. It can alert you to known scam sites, spam sites, and pages that are known for hosting malware. It’s great for getting an idea of how trustworthy the site you are visiting is, and it adds a great extra level of protection against attacks on your computer.
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
3. Use Different Passwords
This always seemed like a no-brainer to me, but I know many other people who won’t do this. Using the same password for multiple sites is just stupid. If somebody manages to steal your password from one site, what’s stopping them from going to the other site? (And no, having a different user name isn’t going to prevent anything.) Instead of using the same password, use different ones, each at least 8 characters long and made up of random characters. If you can’t remember all of those, take two 4-character random strings and the domain name, and put one random string on either side of the domain; there’s your password. For example: “4n$sFACEBOOKn4%l”. Swap “e” for “3”, “s” for “$” or “l” for “1” – think L33T!
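The recipe above as an added Python example (not code from the original post); the alphabet, the function names and the naive rule for picking the site label are assumptions. It draws the random parts from a CSPRNG and also computes how many bits an attacker actually has to guess, since the site name in the middle is public and only the 8 random characters count.

```python
import math
import secrets
import string

# Assumption: alphabet for the random parts (letters, digits, a few symbols).
ALPHABET = string.ascii_letters + string.digits + "!$%&*#@"
# Substitutions suggested in the text: e -> 3, s -> $, l -> 1 (either case).
LEET = str.maketrans({"e": "3", "E": "3", "s": "$", "S": "$", "l": "1", "L": "1"})


def random_part(length=4):
    """Draw `length` characters with secrets (a CSPRNG), not the random module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def site_label(domain):
    """Reduce 'www.facebook.com' to 'FACEBOOK' (naive: second-to-last label)."""
    labels = domain.lower().strip(".").split(".")
    return (labels[-2] if len(labels) >= 2 else labels[0]).upper()


def build_password(domain, leet=True):
    """Random prefix + site label + random suffix, as in the example password."""
    label = site_label(domain)
    if leet:
        label = label.translate(LEET)
    # Fresh random parts on every call, so no two sites share them.
    return random_part() + label + random_part()


def unknown_bits(random_chars=8):
    """Bits an attacker must guess: the site label is public, so only the
    random characters contribute."""
    return random_chars * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for d in ("www.facebook.com", "mail.example.org"):  # constructed sample input
        print(d, build_password(d))
    print(f"{unknown_bits():.1f} bits from the 8 random characters")
```
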
4. Clear Those Tracking Cookies
Although you may not realize it, tracking cookies are used to track your movement around the internet. Although you may visit very different web pages, the company that displays ads on the sites may be the same. Beat these cookies with BetterPrivacy, which removes tracking cookies and LSOs from your browser cache.
5. If You Didn’t Expect To Get It, Don’t Click It
I hate to have to reiterate common sense, but sometimes it escapes us. If you didn’t expect to get a link from somebody, or they sent you a file that you weren’t planning on getting, don’t open it. I don’t care if it came from their MSN account; if you didn’t follow rule #3, there’s no reason why their account couldn’t have been hacked. If someone sends you a link, do yourself a favour and just ASK the person what it is before you click it; if you get a reply that is something that your friend would say, then you’re probably okay.
Well, that took longer than expected. Hopefully that’s of some use for people. As always, I appreciate your comments and feedback. If you like what you read, help me out by posting the article on Reddit, Facebook, or Digg (or sending the link to a friend). See you next Monday!