gHacks Technology News | Latest Tech News, Software And Tutorials » secure-profile

Use Google Chrome For Secure Web Browsing

Martin Brinkmann — Sat, 10 Jan 2009 17:58:05 +0000

One of the latest additions to the Google Chrome browser is the ability to force SSL. What this means is that the web browser will only open websites using the https protocol. Connections to insecure websites that only make use of the http protocol will not be initiated. Google Chrome will display the message that the webpage is not available in that case.

Why would someone want to force SSL in the web browser? The answer is easy: To increase security. This is an excellent way to deal with most phishing threats. Phishing sites are currently copying the looks and feels of popular financial sites. What they do not do is to make use of the https protocol. This means that those phishing pages would not even be opened in Google Chrome as they are not making use of https.

Here is the idea. Create a Google Chrome profile that forces SSL and that is purely used for accessing sensitive sites. This could be PayPal, Gmail, other financial sites and basically any site that is making use of the https protocol.

The ability to force SSL is only available in the latest developer’s build of Google Chrome. Read the Google Chrome 2 release announcement article for information on how to obtain a copy.

The force SSL option has to be supplied as a parameter during startup. This can be done by appending –force-https to the Target row in the shortcut’s properties.

Does anyone know if there is a similar option for Firefox or Opera?

Protect your Firefox Profile

Martin Brinkmann — Sat, 27 Jan 2007 09:02:13 +0000

A Firefox profile stores all personal information such as bookmarks and passwords in it. Everyone who is starting up Firefox with that profile is able to use your saved passwords and cookies as well which is a security risk if you ask me. One way to overcome this would be to protect the Firefox profile folder by moving it to a location that is not accessible to anyone except you.

I did this by moving the profile to my encrypted hard drive. The hard drive is encrypted using True Crypt and the profile can only be accessed if I provide the security key to decrypt the hard drive. Other means are theoretically possible as well, use a portable device that has to be plugged in before you can use the profile.

Moving a profile to another location is not difficulty at all. Close all instances of Firefox and locate your profile folder. This is usually in Document and Settings under Application Date, Mozilla, Firefox, Profiles of the user who is logged into windows currently.

Move the complete folder to a different location. Open up profiles.ini afterwards (located in Firefox in Document and Settings). Change the path= parameter to the new location of your profile and change the parameter IsRelative=1 to 0.

Restart Firefox to see if the changes have been made. If all your bookmarks for instance load fine the changes have been successful. If that is not the case double-check the path parameter in profiles.ini.