Firefox/Flock – Pretty Large Security Flaw – Passwords in the clear

November 7, 2007

I picked this up listening to Leo Laporte’s KFI podcast a week or two back and just forgot to blog about it:

Did you know that…

In Firefox or Flock, if you go to Tools->Options->Security Tab, you will see a button called “Show Passwords”. If you click this button you will see a pop-up dialog box with a list of all of the sites for which you let FF (or Flock) manage your logon information. It will list each site along with your login name. BUT on this dialog there is another button labeled “Show Passwords”. If you click on this button, it will SHOW YOUR PASSWORDS IN CLEAR TEXT.

Hmm. That ain’t very nice, is it? Especially if you work in an environment where other people might have access to your browser.

Luckily, in the original options dialog box, there is a checkbox marked ‘Use Master Password’. Check this box and you will be prompted to enter a master password. This will require that the user enter this password when the browser launches and will require it again if they attempt to show the passwords in the Options dialog (as described above).

Not sure if you let Firefox or Flock manage your logon info, but if you do, you might want to secure them.

Flock revisited… nearing my happy place.

September 22, 2007

As a follow-on to the comments for my previous post, I was not having any luck finding a blogging tool for Linux that would allow me to upload photos to my blog (curs-ed Blogger API!). So I decided to give Flock another shot. I knew they had updated their release a few months back and thought I’d check it out again. I first checked it out quickly on my XP box at work. The early beta version of Flock that I had tried when it first came out seemed to be crippled when I tried to use it from work (proxy, naughty proxy). But this time out I was very pleasantly surprised to see the blogging and Flickr aspects working smoothly. Now, the question was, how was the Linux version….

Naturally I’m extremely impatient when it comes to things like this, so having Feisty installed here at work on Virtualbox is a very nice thing. I booted up the VM, downloaded the Flock setup package for Linux and got down to work… Following their dead simple instructions for Linux installation in the FAQ, it was up and running in about 2 minutes. Very very smooth. Very slick. Granted, this is my first official post using it, but it does seem to run every bit as well on Feisty in a VM as it does on native XP-pro.

The compromise, it seems, is that to get photos into my post (no, Flock can’t directly upload files to Blogger either), I’ll have to use Flickr. The bonus is that Flickr is so nicely integrated into the Flock browser that it becomes very very painless for me to do that. Normally I’d have to be switching back and forth between Flickr and Blogger to coordinate things. With Flock it appears to be very simple. The photos appear in a bar along the top of my browser, I right click the one I want and up it pops in a very slick and simple blog post editor.

The blog post editor itself allows me to do tagging (very important – since gmail-ing posts in doesn’t allow tagging), edit the source, preview the post and of course insert links and lists and do indentation. All very basic, but all very slick. I can easily right click the images that I’ve inserted from Flickr and change the image title, alt-text and alignment. Also wonderful is that I can just drag and resize the images. I can also save drafts of posts. Not sure yet where those are kept (online or locally).

Keep in mind that I’m saying all this before actually hitting the publish button. It could all go very very wrong….

But for those on Linux (or Windows or Mac) posting to other platforms like WordPress or whatever, you might find the latest Flock browser to be very useful indeed. It might be a little too feature-rich for when you just want to do some quick and dirty web browsing, but I have to say, it’s significantly improved from when I first tried it out.

Expect more spouting off about Flock on Linux if things go well.

