Posts filed under Browsers

Screengrabbing in FireFox

On Windows PCs I use SnagIt from TechSmith for screencaptures etc. On OSX I use the built-in capabilities of OSX for capturing screens, windows, or areas, but there was something missing...

SnagIt can capture large windows within *cough*Internet Explorer*cough* or Firefox as one image. So no need for a capture, scroll down, capture again etc. This feature isn't available in OSX, or any (commercial) capturing software I could get my hands on. Until I ran into Screengrab.

Screengrab is a FireFox extension which allows you to save an entire webpage as an image (jpg or png). Excellent extension if I may say so.

Posted on May 4, 2009 and filed under Apple, Browsers, Software, Tips'n Tricks.

Broken SSL Trust

When a CA issues an SSL certificate, they (the registration authority) should verify certain information provided by the requester. This includes at least the domain name ownership and preferably the person or company tied to the domain name ownership. Basic stuff really, but what happens when certificates get issued without any verification? Well, this happened to Mozilla [2].

Basically the complete trust framework collapses (for that CA). Especially combined with hosts file and/or DNS hijacking. What if this incident isn't the first? What if some cybercrook got some SSL certs due to similar mistakes of your favorite bank? You're no longer sure if the https connection of your bank really terminates on the servers of your bank. They could just as easily terminate on a server in Russia or Albania. Which leaves you with an empty bank account (most likely).

If the certificate is issued (signed) by a Comodo Root CA (as it was in this case), your browser accepts this as a valid/trusted CA and for the user everything seems fine. This takes me back to the issue of all those trusted root certification authorities in the average OS or browser.
This time, it's a Comodo affiliate that's screwed up (there's no other way of describing this), but what are the chances that some of those trusted 100+ CAs make a mistake? The bigger the list, the bigger the chance of wrongfully issued (SSL) certificates.

By the way, if you're using an older browser (pre IE6 e.g.), chances are that SSL certificate revocation checking is disabled by default. So even when they revoke the certificate you still wouldn't know.... You can verify this by opening the Internet Explorer options section and checking the Advanced tab.

Posted on December 29, 2008 and filed under Annoying, Browsers, Internet, Security.

FireFox 3 Color Management

In the 'old' days, Safari was probably the only Internet browser with some decent color management. The problem was that images displayed in Firefox and Internet Explorer looked a bit desaturated and lighter.

Now, in FireFox 3 you have the opportunity of enabling color management. Just set the following configuration option to 'true' (by double clicking) in the FireFox configuration settings (to access the config-part of FireFox, just type about:config in the address bar).

gfx.color_management.enabled

This feature is turned off by default. Restart Firefox and be amazed by the colors in your photos on the Internet.

Posted on August 27, 2008 and filed under Browsers, Photography, Tips'n Tricks.

Create Your Own EV Certificate??

Most web browsers support the extended validation certificates. These certificates give a visual indication (green browserbar for example) that the SSL connection is trustworthy. The only problem is that they are expensive. Especially compared with the 'ordinary' SSL certificates.

These certificates are special because the Certificate Authority (e.g. VeriSign) validated the company who buys these certificates. This way, the end user can shop / bank / or whatever online without worrying too much.

Some affiliates / certificate vendors already did this years ago (validating the actual companies), so this is nothing new. Yet another way to fool the consumers, and make some extra money.....

The problem I run into is that I used to have a 'yellow-ish' addressbar when I entered an https website. Today (at least with FireFox 3) the address bar remains blank. The only indication is a tiny lock displayed at the bottom of the browser. Something you might (and definitely will) overlook.

I use a home made Certificate Authority to create my own certificates (for webmail, secure IMAP, SSL, etc.), but I would like to see a proper visual indication of the SSL connection. So, is there a way to create an EV-like certificate (or even a new CA) by using Microsoft Certificate Services or by using OpenSSL which displays the colored addressbar?

I did find some info on the EV requirements, but these should be 'spoofable' some way or another.....

UPDATE: I found a website which suggests reconfiguring Firefox 3. Problem with that is that I need to reconfigure all my browsers. I'd rather do it by 'faking' the specs.

It seems that the OCSP-responder is mandatory for the bars to turn green....

Posted on August 15, 2008 and filed under Browsers, Security.

FireFox 3 Bug??

Like most security conscious people I use Firefox (FF) for my everyday browsing on the Internets. So when the Mozilla guys released version 3 I installed it on all my machines (2 Windows and 2 OSX platforms).

It took a bit of getting used to. The underlying FF part had been changed. Bookmarks, history etc. are all stored in sqlite databases. So no more flatfiles. This took me a couple of hours to figure out, but finally I got 'there'.

Using FF was business as usual... Apart from one very annoying bug: opening new windows (not new tabs) often results in an empty bookmarks bar. And this is happening on Windows and OSX versions of FF.
The bookmarks are 'there' but not click-able. Using the right mouse button (on OSX: ctrl-mouse click) on the bookmarks bar and selecting 'Open All in Tabs', FF opens every bookmark in the bar.

The only way of restoring the proper bar is to completely shut down FF and restart it. After that it works for a certain amount of time.

The problem isn't isolated to my environment. Just google on the issue, and you'll find more people. There's one suggestion I haven't tried yet. Starting with a fresh/clean profile, but I do need my settings/passwords/bookmarks. I'm lost without those :(

UPDATE: I tried a new profile, and this seemed to work. After this I started to repopulate the new profile with the old settings, etc. Everything went fine until the point where I added the extensions. It seems that even old / not active extensions (SwitchProxy in my case) are still able to f*ck things up.

Posted on July 22, 2008 and filed under Annoying, Browsers, Internet, Software.

FireFox 3 Dialog Boxes

Firefox is the default browser on all my platforms, and every once in a while I run into strange dialog boxes.
E.g., this evening I updated some digital certificates for the test environment of VeriSign MPKI backend. These certificates are issued by a (private) VeriSign CA. So there's no trust by default.

After generating the keypair in FireFox 3 I got the positive dialog box as shown below.

No problem so far, but the next dialog box 'scared' me a little;

This dialog box, or at least the result, would remove (or delete) the certificate I just generated. The issuing CA is not installed in FireFox (or on the machine itself for all it matters). But in fact the certificate was installed in the Crypto/Certificate store of FireFox, and I could use it to access the VeriSign test backend.

So, even though FireFox warns the user that the content will be deleted (or not added), it doesn't exactly do that at all. Let's see if I can file a bug report, because this occurred on all 4 certificates I generated/imported.

Posted on July 8, 2008 and filed under Browsers, Security, Software.

Firefox 3 Bookmarking

Mozilla released Firefox 3 during my holiday. So the first thing I had to do was upgrade v2.x to the latest version. Initially everything seemed fine.... INITIALLY...

The trouble began when I tried to add bookmarks. The new bookmark interface (it's called Library) showed up empty. When I tried to add a bookmark, it was impossible to remove it.

"Why would you want to remove a bookmark??" Well, because every bookmark I added ended up with the URL to some ad. At first I thought I had some weird virus or trojan on my Mac. But it seemed that every Mac had the same problem.

E.g. If I added the SnipURL button to my toolbar (which is basically a javascript) it would work, but when I pressed the button, it would show a Google ad. There was also no way of removing or changing it.

Posted on June 26, 2008 and filed under Annoying, Browsers, Internet, Software.

Change Nokia E61i Default Browser

A friend suggested the Opera Mini browser (v4 beta2) as a browser on my Nokia E61i. So I downloaded it and installed it. Great looking browser which renders some sites much better than the normal included browser (and it's still absolutely free!!). My online banking site seems to work a bit better anyway. One thing I haven't figured out is how to set the Opera Mini browser as the default browser. If I open a link in an e-mail it opens the original browser....

Posted on October 8, 2007 and filed under Annoying, Browsers, Symbian.

FireFox Disables Old Security Protocols

I received an error today when I tried to access a SSL protected website. According to FireFox;

Firefox can't connect securely to because the site uses a security protocol which isn't enabled.

It seems that FireFox has removed the support for older/insecure SSL sessions. Some research showed that these settings are accessible through the 'hidden' configuration in FireFox. Just type about:config in your addressbar and it shows the advanced settings of FireFox. Put security.ssl3.rsa_rc4_40_md5 in the filter bar, so that all other settings are removed from the current view. After that set the parameter to true (default is false). After this you're able to access the website. If not, try setting the other encryption parameters (which are set to false) to true. Filter on security, and the parameters are quite similar to the one discussed in this entry.

Note that there might be some security issues when you enable old(er) security protocol support in FireFox. These are disabled for a reason!!!

Posted on November 29, 2006 and filed under Browsers, Internet, Security.
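
A defensive counterpart to the about:config change in the post above, added here as an example (it is not code from the original post): it scans the text of a Firefox profile's prefs.js or user.js and reports weak security.ssl3.* cipher prefs that are still switched on, so a temporary workaround does not stay enabled. Every pref name other than security.ssl3.rsa_rc4_40_md5, the token classification and the sample contents are assumptions constructed for illustration.

```python
import re

# One prefs.js / user.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PREFIX = "security.ssl3."

# Name tokens that mark a cipher-suite pref as weak (classification assumed here).
WEAK_TOKENS = {
    "rc4": "RC4 stream cipher",
    "rc2": "RC2 cipher",
    "40": "40-bit export-grade key",
    "md5": "MD5 MAC",
    "null": "no encryption",
}

def weak_reasons(pref_name):
    """Return why a security.ssl3.* pref names a weak suite ([] if it does not)."""
    if not pref_name.startswith(PREFIX):
        return []
    tokens = pref_name[len(PREFIX):].lower().split("_")
    reasons = [WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS]
    # "des" alone is single DES; "des_ede3" is triple DES and is not flagged here.
    if "des" in tokens and "ede3" not in tokens:
        reasons.append("single DES")
    return reasons

def audit_prefs(text):
    """List (pref, reasons) for every weak cipher pref that is switched on."""
    findings = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or m.group(2).strip() != "true":
            continue
        reasons = weak_reasons(m.group(1))
        if reasons:
            findings.append((m.group(1), reasons))
    return findings

# Constructed sample profile contents, not taken from a real machine.
SAMPLE_PREFS = """\
// constructed sample
user_pref("browser.startup.homepage", "about:blank");
user_pref("security.ssl3.rsa_rc4_40_md5", true);
user_pref("security.ssl3.rsa_rc4_128_md5", false);
user_pref("security.ssl3.rsa_aes_256_sha", true);
user_pref("security.ssl3.rsa_des_sha", true);
"""

if __name__ == "__main__":
    for name, reasons in audit_prefs(SAMPLE_PREFS):
        print(f"{name}: enabled, weak because of {', '.join(reasons)}")
```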

PeopleSoft and Browser Bugs

A couple of days ago, I upgraded Internet Explorer on the laptop from my work. Initially, everything seemed fine... Until I wanted to access our web-based HR system (PeopleSoft). In the good-old-days, this website worked (not good, and not bad). Since IE7, the login page remains blank, while the sourcecode of the page is fully loaded. So no way of logging in to my personal HR page. I have no idea what's causing this (PeopleSoft or IE7). I do know that the (simple) login page holds a gazillion lines of Javascript.... Why? It's just a login page.

A temporary work-around is using FireFox 2.0. Version 2.0 seemed to have solved some of the bugs I got with FireFox 1.5.x in PeopleSoft. Problem is that I need to change proxy settings for FireFox. I use IE for intranet browsing, because the developers are MS-fans, and FireFox for global Internet browsing.

Mind you that you have to disable the NoScript extension for FireFox (when installed). Just allowing all scripts for the PeopleSoft website gives erratic behavior, and lots of errors on the pages. Only disabling the extension seems to work (which requires a reboot :( ). Anyway, somebody has to do some work to improve things.

Posted on November 22, 2006 and filed under Annoying, Browsers.