Firefox/Flock – Pretty Large Security Flaw – Passwords in the clear

November 7, 2007

I picked this up listening to Leo Laporte’s KFI podcast a week or two back and just forgot to blog about it:

Did you know that…

In Firefox or Flock, if you go to Tools->Options->Security Tab, you will see a button called “Show Passwords”. If you click this button you will see a pop up dialog box with a list of all of the sites for which you let FF (or Flock) manage your logon information. It will list each site along with your login name. BUT on this dialog there is another button labeled “Show Passwords”. If you click on this button, it will SHOW YOUR PASSWORDS IN CLEAR TEXT.

Hmm. That ain’t very nice is it. Especially if you work in an environment where other people might have access to your browser.

Luckily, in the original options dialog box, there is a checkbox marked ‘Use Master Password’. Check this box and you will be prompted to enter a master password. This will require that the user enter this password when the browser launches and will require it again if they attempt to show the passwords in the Options dialog (as described above).

Not sure if you let Firefox or Flock manage your logon info, but if you do, you might want to secure them.

Nuking the Firefox Search Box and Finding a Better Way

July 16, 2007

One of the things I never use in Firefox is the search box up in the right corner. I finally figured out how to get rid of it, and it’s super easy-peasy.

Thanks to this wonderful post, you just right-click a blank area on the toolbar, select customize and then drag the search box into the customize window and POOF! it’s gone. Fabulous.

So how do I search? Well I go to and then I … er.. just joking – sadly. What I do is go to the very first time and do the following:

1. Right-click the search box.
2. Choose ‘Add a Keyword for this Search’
3. Name the keyword search.
4. Add a keyword. So for this one I entered ‘gg’
5. Click OK.

For then on, when I want to google search something like ‘favourite sandwich’, I open a new tab (Ctrl-T), type ‘gg favourite sandwich’ in the address bar and hit ‘Enter’. This launches a google search for whatever I typed after the ‘gg’.

I find this feature to be infinitely useful for a variety of searches. I personally have the following keyword searches saved:

gg <search terms> – Google Search
gis <search terms> – Google Image Search
gbs <search terms> – Google BlogSearch
tn <search terms> – Technorati Search
mdb <search terms> – IMDB Search
wkp <search terms> – Wikipedia Search

If you’re comfortable typing, you’ll undoubtedly find this to be a real timesaver. The nice thing is that by hitting Ctrl-T to open a new tab, it plunks the cursor up in the address bar anyway – so just hit Ctrl-T, and type away people!

It’s All Text

June 14, 2007

Via Chromatic’s post at the O’Reilly OnLamp blog, I tried out the It’s All Text Firefox extension and I have to say I love it!

This extension lets you quickly bring up your favourite text editor any time you need to enter text on a web page. I find my own Blogger comment entry box for instance woefully small and inept. With this add-on installed, I can either right-click in the text box and choose “It’s All Text” from the popup menu, or click the semi-transparent edit button that the extension puts at the bottom right of text boxes. If you haven’t set an editor preference yet, it’ll ask you to do so the first time.

From then on, once you do it, your editor of choice (gVim in my case) will pop up and when you save the document, the text gets pasted into the text box. Nice and simple.

I don’t think it works in Gmail’s rich text mode when composing an email, but a quick switch to plain text mode reveals the edit button once again. You shouldn’t really be in Rich Text mode anyway should you… 😉 Of course you can always compose the bulk of the text in plain text mode and then once it’s been pasted in, switch to rich mode to add links and such.

All in all, a very useful tool. If you do a lot typing on the web and miss using your favourite offline editing tool, check it out.