hardening the firefox browser
play

Hardening the Firefox browser Preventing unwanted background traffic - PowerPoint PPT Presentation

Jan 02, 2024 •327 likes •470 views

Hardening the Firefox browser Preventing unwanted background traffic to Google, Pocket and hidden telemetry to Mozilla Per Foyer per@foyer.se 10 10 Cryptoparty 201911-R1 Hardening Firefox: Method To harden Firefox we need to: 1. Adjust

  1. Hardening the Firefox browser Preventing unwanted background traffic to Google, Pocket and hidden telemetry to Mozilla Per Foyer per@foyer.se 10 10 Cryptoparty 201911-R1

  2. Hardening Firefox: Method To harden Firefox we need to: 1. Adjust visible configurations in Options / Preferences 2. Do a fair amount of changes to parameters hidden in the about:config settings (behind the scene): • Disabling Pocket • Disabling WebRTC (notorious for leaking) • Disabling sending of crash dumps • Combat telemetry settings • Remove all references to Google First, let’s have a look what’s going on the network interface when using a stock installation of Firefox… 11 per@foyer.se Cryptoparty 201911-R1

  3. Firefox - stock install (1) Wireshark monitoring host’s NIC Firefox started… (outgoing traffic) Not touching the browser! 12 Per@Foyer.se Cryptoparty 201911-R1

  4. Firefox - stock install (2) Not touching the browser! Massive amounts of requests being done… 13 per@foyer.se Cryptoparty 201911-R1

  5. Firefox - stock install (3) Not touching the browser! Say hello to Google… 14 per@foyer.se Cryptoparty 201911-R1

  6. Firefox - stock install (4) Still not touching the browser! Probable telemetry sent to Mozilla 15 per@foyer.se Cryptoparty 201911-R1

  7. Firefox – Hardened! Just started A short initial burst of (unknown) connections to one single Akamai server Then, silence… 16 per@foyer.se Cryptoparty 201911-R1

  8. Hardening Firefox: Step 1 Visible settings Step 0: Backup your bookmarks!!! (Follow me) 17 per@foyer.se Cryptoparty 201911-R1

  9. Hardening Firefox: Step 2 about:config: Pocket (Follow me) 18 per@foyer.se Cryptoparty 201911-R1

  10. Hardening Firefox: Step 3 (Follow me) about:config: WebRTC 19 per@foyer.se Cryptoparty 201911-R1

  11. Hardening Firefox: Step 4 (Follow me) about:config: Crash dumps 20 per@foyer.se Cryptoparty 201911-R1

  12. Hardening Firefox: Step 5 (Follow me) about:config: Telemetry 21 per@foyer.se Cryptoparty 201911-R1

  13. Hardening Firefox: Step 6 about:config: Google… (Done!) 22 per@foyer.se Cryptoparty 201911-R1

  14. Finito!  23 per@foyer.se Cryptoparty 201911-R1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To:

By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To:

Introduction to Firefox By JoseeAntonioR INDEX OF CONTENTS 1.- What is Firefox? 2.- Uses of Firefox 3.- How To: Download Files 4.- How To: History 5.- How To: Tabbing 6.- How To: App Tabs 7.- How To: Set Homepage 8.- How To: Block

557 views • 16 slides
Firefox Security Sid Stamm <sid@mozilla.com> Browser as a Protector Protect Site

Firefox Security Sid Stamm <sid@mozilla.com> Browser as a Protector Protect Site

Firefox Security Sid Stamm <sid@mozilla.com> Browser as a Protector Protect Site Content Safe Platform Third-Party Features Keeping your Secrets Content Restrictions Content Security Policy Content Restrictions Document

560 views • 43 slides
Mastering Astronomy Tips A. Having problems with the website? 1. Update your browser The most

Mastering Astronomy Tips A. Having problems with the website? 1. Update your browser The most

Mastering Astronomy Tips A. Having problems with the website? 1. Update your browser The most recent versions of Microsoft IE, Firefox, and Safari all work with the website. 2. Update your Flash video browser plugin Search for Adobe Flash

372 views • 13 slides
Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles

Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles

Performant Security Hardening Steve Rutherford (srutherford@google.com) Googles Virtualization Security Team 1 Preface This talk is x86 and KVM centric 2 Outline Background Current Hardening Split Irqchip, PIT Prototype Hardening

884 views • 41 slides
To view this event we advise you to use the following browsers. DESKTOP: we support Chrome,

To view this event we advise you to use the following browsers. DESKTOP: we support Chrome,

To view this event we advise you to use the following browsers. DESKTOP: we support Chrome, Firefox, Safari and Edge. Here are the minimum version requirements for each browser: Chrome 55+, Firefox 53+, Safari 12.1+, Edge 42 MOBILE: we have native

882 views • 51 slides
Continuous Localization Agenda Brief History Q&A 1. 4. How we shipped Firefox Continuous

Continuous Localization Agenda Brief History Q&A 1. 4. How we shipped Firefox Continuous

Continuous Localization Agenda Brief History Q&A 1. 4. How we shipped Firefox Continuous L10n 2. Localizing Firefox Nightly 3. Android Analysis of our Android Apps Public 2 Shipping Localized Firefox over time Public 3 The

212 views • 18 slides
Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats

Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats

Firefox POCs BUG 612029: Remote denial of Service POC Actual POC comes from: BUG 833874 Eats up memory! Notice no unresponsive script dialogue Firefox version 13 In current firefox version -- warning + debug option, no

254 views • 12 slides
Firefox quality Mozilla Paris | FOSDEM | Feb 3rd 2018 Bonjour ! Je suis Sylvestre Ledru Je

Firefox quality Mozilla Paris | FOSDEM | Feb 3rd 2018 Bonjour ! Je suis Sylvestre Ledru Je

Firefox quality Mozilla Paris | FOSDEM | Feb 3rd 2018 Bonjour ! Je suis Sylvestre Ledru Je parle de Firefox Quality Twitter @SylvestreLedru 2 Bonjour ! 3 Bonjour ! 4 Bonjour ! 5 The Firefox scale About:Firefox We release every 6

775 views • 41 slides
Python for Informatics Database Handout Download and install FireFox and the SQLite Manager

Python for Informatics Database Handout Download and install FireFox and the SQLite Manager

Python for Informatics Database Handout Download and install FireFox and the SQLite Manager http://www.mozilla.org/enUS/firefox/new/ https://addons.mozilla.org/enUS/firefox/addon/sqlitemanager/ Queries insert into Users (name, email) values

503 views • 3 slides
CSN11121 System Administration and Forensics Web Browser Forensic r.ludwiniak@napier.ac.uk

CSN11121 System Administration and Forensics Web Browser Forensic r.ludwiniak@napier.ac.uk

CSN11121 System Administration and Forensics Web Browser Forensic r.ludwiniak@napier.ac.uk Overview Forensics on Internet Explorer and Firefox Structure Information storage Access to the Information storage Tools used to

1.04k views • 40 slides
A new version of Firefox is available Rapid Release of Quality Firefox Products Lukas Blakk

A new version of Firefox is available Rapid Release of Quality Firefox Products Lukas Blakk

A new version of Firefox is available Rapid Release of Quality Firefox Products Lukas Blakk & Sylvestre Ledru Who are we ? Sylvestre Lukas Has been at Mozilla for a year Mozillian since 2006 Debian Developer Release

462 views • 30 slides
Hurricane Hardening Hurricane Hardening Research Research Presentation to the Louisiana Public

Hurricane Hardening Hurricane Hardening Research Research Presentation to the Louisiana Public

Hurricane Hardening Hurricane Hardening Research Research Presentation to the Louisiana Public Service Commission May 4, 2007 Mark A. Jamison, PURC Director Leadership in Infrastructure Policy Leadership in Infrastructure Policy

487 views • 45 slides
Variable values are shown in layers even while authoring (e.g. the actual project/document

Variable values are shown in layers even while authoring (e.g. the actual project/document

COMPOSICA 6 Your Content Anywhere Desktop, Smartphone, or Tablet. Windows, Android, iOS, or Mac. Internet Explorer, Chrome, Firefox, or Safari. Whatever device, platform, and browser combination users may choose is no longer a challenge.

316 views • 3 slides
Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS

Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS

Cordova and Firefox OS HTML5 for the Mobile Web Jason Weathersby Cordova and Firefox OS Click Here For Presentation 11/13/14 2 Title Here

190 views • 3 slides
Single Event Upset Hardening Single Event Upset Hardening by 'hijacking' the multi-VT by

Single Event Upset Hardening Single Event Upset Hardening by 'hijacking' the multi-VT by

Single Event Upset Hardening Single Event Upset Hardening by 'hijacking' the multi-VT by 'hijacking' the multi-VT flow during synthesis flow during synthesis Roland Weigand February 04, 2013 Design Automation Conference User Track European

394 views • 17 slides
Hardening Windows Applications Hardening Windows Applications olleB olle@toolcrypt.org The

Hardening Windows Applications Hardening Windows Applications olleB olle@toolcrypt.org The

www.toolcrypt.org Standing on the shoulders of the Blue Monster: Hardening Windows Applications Hardening Windows Applications olleB olle@toolcrypt.org The Toolcrypt Group www.toolcrypt.org www.toolcrypt.org Agenda Agenda Introduction

532 views • 32 slides
What Make Long Term Contributors Willingness and Opportunity in Open Source Community Minghui

What Make Long Term Contributors Willingness and Opportunity in Open Source Community Minghui

What Make Long Term Contributors Willingness and Opportunity in Open Source Community Minghui Zhou Audris Mockus Peking University Avaya Labs Research zhmh@pku.edu.cn audris@avaya.com Outline Long-term contributors (LTCs) are crucial to

389 views • 16 slides
How do people use tabs? Patrick Dubroy University of Toronto pat@dubroy.com dubroy.com/blog

How do people use tabs? Patrick Dubroy University of Toronto pat@dubroy.com dubroy.com/blog

How do people use tabs? Patrick Dubroy University of Toronto pat@dubroy.com dubroy.com/blog twitter @dubroy (presented at Mozilla Corp. in Mountain View, Jan 27/09) The back story I have a love/hate relationship with tabs. Problems

287 views • 12 slides
Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet

Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet

Detecting outages with telemetry Alessio Placitelli - @dexterp37 June 16th - Internet Measurement Village 2020 Italy, March 11th - 2020 Tales from a mid-pandemic network outage Public 2 ...failure on a foreign network... Source :

591 views • 29 slides
Lecture Contents Where are we now? Business Process Management Timeline Recap &

Lecture Contents Where are we now? Business Process Management Timeline Recap &

05/11/2019 LECTURE 4: BUSINESS ARCHITECTURE ASPECTS: BUSINESS PROCESS REDESIGN/ REENGINEERING 1 Lecture 4 : Business Process Redesign/Reengineering CA4101 Lecture Notes (Martin Crane 2019) Lecture Contents Where are we now? Business

587 views • 37 slides
Predicting Vulnerable Software Components Stephan Neuhaus Thomas Zimmermann Andreas Zeller

Predicting Vulnerable Software Components Stephan Neuhaus Thomas Zimmermann Andreas Zeller

Predicting Vulnerable Software Components Stephan Neuhaus Thomas Zimmermann Andreas Zeller Security Advisory 2005-13 Security Advisory 2005-41 Security Advisory 2006-76 Security Advisory 2005-16 Security Advisory 2005-15 Security Advisory

268 views • 25 slides
Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International

Andreas Zeller Software Systems Dept. Passau University Simplifying Failure-Inducing Input Ralf Hildebrandt and Andreas Zeller ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) Portland, Oregon, August 23, 2000

673 views • 22 slides
1 A typical bug report contains a lot of informaFon that

1 A typical bug report contains a lot of informaFon that

O"en when debugging, we find ourselves with the problem of having an input that crashes a program but not knowing what aspect of the input is

1.02k views • 65 slides
Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key

Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key

Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key Infrastructure (WebPKI) Root certificates of trusted Certificate Authorities e.g. GlobalSign Root CA, Amazon Root CA, GoDaddy Root CA Root 1 Root 2

347 views • 19 slides

More recommend