Boost Chrome browser security with these five add-ons

Discussion in 'other software & services' started by lotuseclat79, Mar 21, 2014.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
  2. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Lastpass no. Just because. But also because they are based right next to the NSA, CIA, and others. Not comforting, as they are 'neighborhood boys' to the other boys. Comfort level = Zero. NOT saying this happens, but false flag breaches actually do happen, and honeypot products are a reality. Besides;
    http://news.cnet.com/8301-1009_3-20060464-83.html

    HTTPS Everywhere -agreed.

    Everything else? All of them replaced by a single, faster, more secure application called "Adguard". Which integrates multiple databases, WOT, Malware Filtration into one package at the port level. (Port 80, 443).
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    I don't see the point of ABP and Disconnect at the same time. Easylist tracking subscription should cover it.
     
  4. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    #2&3 can be replaced with the better HTTP Switchboard.
    Lastpass to me is fine. At least, is more secure to use lastpass for creating and using secure password rather than using nothing and maybe just remember a unique password "password" for all logins..:D
     
  5. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Actually the best password system is to develop your own easy to understand methodology.

    For example ,,,,,,,,,Wilder$,,,,,,,, is far more secure than iKA8ZJnm. Due to the fact you have a length on your side, any brute force still has to run through the gamut, and it's easy as hell to remember. So develop a system like this, and you don't even need to use a password manager. Have a set of variations, such as replacing ,,,, with $$$$, or cycling through your old pet names with symbols where relevant.

    $$$$$$$$D0G$$$$$$$
    ,,,,,,,,,,,,,Trix1e,,,,,,,,

    You get the idea. I used to worry about passwords, and encrypt them, and go to extremes. Now I use common sense systems that are very long, and easy to remember. If you want to get even more secure, develop your own pseudo language. For example if you use a pet name, pet names always get commas. If you use names of streets, those always get dollar signs. Remembering that is just as easy, and you mix things up even more - while having no written/digital record of any of it, recovery is easy because it's a matter of knowing which name you used, then the symbol is linked to that category of name.

    1) YOU control your method.
    2) YOU control your passwords. (not lastpass, or the cloud)
    3) You don't need a recovery method, it's in your brain, and without a recovery method you cannot be MTM recovered or PWR intercepted.
    4) Legally, with no written record, there can be made a claim you 'forgot' your encryption password, should you be compelled to remember it. <grin>

    But that's my opinion.
     
    Last edited: Mar 21, 2014
  6. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Well, not really. 1st password is 45bits, 2nd is 58bits then should me more secure.
    I still believe any password manager is better than no password manager at all. Then we can discuss if we can trust a cloud password mgr like Lastpass. I do (with security set-up at best, TFA, long random master password 145bits, alerts for any change, etc.).
    But it's my opinion. :)
     
  7. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    For example;

    ,,,,,,,,W1lder$,,,,,,,,

    It would take a desktop PC about 30 octillion years to crack your password

    vs

    HFMt64Xz

    It would take a desktop PC about 15 hours to crack your password

    So lets take a 20 character password;

    foHyByHgSKVOzsv9UsS6

    Impossible to remember. Requiring password manager (accentuating risks). But It would take a desktop PC about 5 quintillion years to crack your password

    ,,,,,$mithJ@mes,,,,,

    Easy to remember but; It would take a desktop PC about 3 sextillion years to crack your password
     
    Last edited: Mar 21, 2014
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Being worried that a company is stationed in MD makes little sense to me. If you want to get work in computer security you're basically going to be in one of three places in the US, and the number one place is MD. (For CS it's NY, MD, LA - for security you tack on Colorado to that, potentially).

    LastPass has an option to use servers in Europe as well.

    Let's say your password is :
    ,,,,,$mithJ@mes,,,,,

    Is that easy to remember? What if I have 50 websites I log into (I easily do) - will I remember 50 different passwords like the above?

    If they're all following a single algorithm and *one of them* leaks, an attacker can attempt to decipher that algorithm. Haveibeenpwned.com shows how many millions of leaks there are.

    LastPass guarantees you a random password for every site you visit. That's pretty big. It's not so much about a passwords keyspace as it is about it being unique from all other passwords.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    But an attacker needn't resort to bruteforcing. The last two passwords have a definite pattern, and attackers can (and do) take advantage of patterns.
     
  10. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Haystacking.

    https://www.grc.com/haystack.htm
     
    Last edited by a moderator: Mar 22, 2014
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,079
    If you use some kind of algorithm to create unique passwords for each login, your passwords are not safe. If one password gets compromised, all other can be guessed, because attacker will probably guess the algorithm. It's like domino effect... Entropy and length of password doesn't mater as brute forcing won't be necessary.

    hqsec
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    chrome or any other browser is secure even without any of these add -ons.
     
  13. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    747
    Location:
    Canada
    In my tests, ABP with Fanboy Ultimate outperforms Disconnect, and Ghostery performs slightly better than ABP. There are other philosophical considerations (open source, GPL, etc.), but strictly measuring blocking power, Disconnect doesn't perform too well so far compared to other blockers.
     
  14. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    No aigle, Chrome is not much secure as itself. It needs script blockers like gorhill's HTTP Switchboard. At the moment it is my main security in Chrome, though I have others in general for my internet activities.
     
  15. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    With Chrome I'd be much less worried about javascript than third-party plugins, which run with much less restrictions than the individual tabs.

    But still, HTTP SB is definitely one of the best extensions available for Chrome.
     
    Last edited: Mar 22, 2014
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Notscript would be my only choice if any, vis-a-vis security.
    Mrk
     
  17. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Lastpass is a better choice, than storing passwords in the browser, but it has been hacked at least 3 times, so it is better to use an offline password manager like KeePass.
     
  18. tlu

    tlu Guest

    Notscripts is no longer developed nor available in the Chrome Web Store. You should switch to ScriptSafe which seems to be partially based on Notscripts. However, HTTP Switchboard is considerably superior.
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,128
    Location:
    USA
    Can you document that LastPass has been hacked three times and what exactly it means? I heard some time ago that there was a breach, but that no user data was lost/compromised. The product was hardened further afterward as well.
     
  21. tlu

    tlu Guest

    3 times o_O Do you have any evidence for that claim?

    To my knowledge, there was one hacking attempt in 2011 where is was not clear if any data was stolen. (And your data - if affected - was not at risk if you had a good master password.) As a consequence Lastpass has implemented several security improvements.
     
  22. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Considering you need a whitelist for specific URL's to prevent website breakage, it's extremely difficult to measure "blocking power". What you think is an advantage in one addon might actually be a disadvantage (it breaks something) and has been whitelisted in EasyList.

    It's extremely unlikely anything has "better blocking power" than EasyList, excluding the few rare situations where something new hasn't been added to the list yet.
     
  23. tlu

    tlu Guest

    Easylist + EasyPrivacy are definitely excellent. But if it comes to 3rd party requests, HTTPSB with out-of-the-box settings blocks significantly more by definition. However, the Adblock filter lists are very good supplements for cases like

    http://graphics8.nytimes.com/ads/marketing/mm09/verticalst/verticals_tech.gif

    This is something HTTPSB cannot block unless you blacklist graphics8.nytimes.com completely in the matrix.
     
  24. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    You missed my point or ignored it. This statement doesn't mean it's better, nor is it necessarily a good thing.

    I could make a list that blocks half the internet and claim it has better "blocking power" than anything else. The issue would be that half the internet is broken.

    Whitelists are a requirement and prevent any statistical measure of "blocking power" being accurate unless you want to spend hours analysing every single blocked entry. You would probably also end up referencing the EasyList whitelist anyway to do such a test.

    At the end of the day EasyList has been worked on for years and is constantly updated. Think twice before you decide that some new addon is somehow better than all those years of work just because it's blocking more.
     
    Last edited: Mar 22, 2014
  25. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    HTTPSB's methodology of modifying Content Security Policy is pretty powerful, though. I would consider it more reliable than the other methods I've seen used for content removal on websites.

    From a technical standpoint I find Gorhill's extension pretty solid, though I have not looked at EasyList code.
     
Loading...
Thread Status:
Not open for further replies.