Archive | November, 2009

Private internet browsing mode vulnerabilities

3 Nov

Internet Explorer 8, Firefox 3.5+ and Safari have recently added an internet browsing “privacy mode”. Using it, you are not supposed to leave behind internet cache, history, cookies or anything else that could jeopardise your internet surfing privacy, but there are at least two things that still give away what sites you have visited.

  • Cached DNS Entries: To surf the internet you need to use a DNS server to resolve the host names in the URLs you visit, and the answers are cached locally on your machine for a while to speed up your internet surfing. These entries also get cached in private browsing mode.

You can see this yourself by opening the command prompt in Windows: type command.com or cmd.exe in the search box to get to the Windows command prompt.

Now type:
ipconfig /displaydns

Windows Command Line Prompt cmd.exe


You will see the full list of cached DNS entries. Open a new private browsing session, re-run the command and see how the sites you just visited were added. Anyone with access to your computer, such as a nosy college systems administrator or your boss at work, can see this too.

To clean up the cache just type in:
ipconfig /flushdns

  • Flash Cookies: Even in privacy mode, evil Flash cookies get stored in the %appdata%\Macromedia\Flash Player\#SharedObjects directory. They can reveal what sites gave them to you, and what day and at what time you visited them. You can delete these Flash cookies manually.
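
Both checks above can be scripted. The following is an added example, not part of the original post: it compares two saved `ipconfig /displaydns` dumps to list host names that appeared in between, and lists each Flash cookie's site and last-modified time. It assumes English-locale ipconfig output and the layout <root>/<random id>/<site>/.../*.sol under #SharedObjects; the function names and sample dumps are constructed for illustration.

```python
import os
import re
from datetime import datetime, timezone

# "Record Name" line of English-locale `ipconfig /displaydns` output (assumed format).
RECORD_NAME = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)\s*$", re.I | re.M)

def cached_names(dump):
    """Host names present in one `ipconfig /displaydns` dump."""
    return {n.lower().rstrip(".") for n in RECORD_NAME.findall(dump)}

def names_added(before, after):
    """Host names that entered the resolver cache between two dumps."""
    return sorted(cached_names(after) - cached_names(before))

def flash_cookie_sites(root):
    """(site, last-modified UTC, path) for each .sol file under #SharedObjects.
    Assumed layout: <root>/<random id>/<site>/.../*.sol"""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).split(os.sep)
        if len(rel) < 2:  # still above the <site> level
            continue
        for name in files:
            if name.lower().endswith(".sol"):
                path = os.path.join(dirpath, name)
                when = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
                found.append((rel[1], when, path))
    return sorted(found)

# Constructed, abridged sample dumps; not captured from a real machine.
BEFORE = """
    intranet.example
    ----------------------------------------
    Record Name . . . . . : intranet.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.10
"""
AFTER = BEFORE + """
    private-visit.example
    ----------------------------------------
    Record Name . . . . . : private-visit.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 198.51.100.7
"""

if __name__ == "__main__":
    print("New since first dump:", names_added(BEFORE, AFTER))
    root = os.path.expandvars(r"%appdata%\Macromedia\Flash Player\#SharedObjects")
    for site, when, path in flash_cookie_sites(root):
        print(site, when.isoformat(), path)
```

To use it on a real machine, save the output of ipconfig /displaydns to a file before and after the private session and pass the two files' contents to names_added().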

Five essential Firefox add-ons

1 Nov

Some Firefox extensions I use and highly recommend:

SpeedDial: With Speed Dial, you can easily access your most used websites. Speed Dial will be automatically loaded in blank new windows, it can also load in blank new tabs. To configure this, and other options, use the extension settings panel.

PDF Download: PDF Download is a tool for viewing and creating Web-based PDF files. The browser extension lets you convert any (unsecured) Web page into a PDF document for archiving, printing and sharing.

Xmarks: Install it on all your computers to keep your bookmarks and passwords (optional) backed up and synchronized.

LastPass: LastPass is a free online password manager and form filler that captures passwords and lets you import from every major password storage vendor and export too. Your sensitive data is encrypted locally using JavaScript before upload, so even LastPass cannot get access to it.

RefSpoof: Easy spoofing of the URL referer (referrer) featuring a toolbar.

Firefox browser customization


If you want your Firefox browser to look like the screenshot above, simply skin it: take a look at Noia (eXtreme) combined with the Firefox B persona.

You can see the Firefox SpeedDial add-on in action: the 3×3 squares with easy-to-access thumbnails of the user's favourite websites.
