Disabling Firefox insecure password form warning

While I believe in security in general, and in SSL-certificates as a means for that, it gets quite annoying to have the newly released password form warning for several of my sites.

In particular my home router and my intranet NAS-box at home, which prefers http login, even though the NAS actually comes with an https-variant, which unfortunately does not work very well since it uses a self-signed certificate issued to QNAP NAS, and therefore does not match the hostname/URL of my configured NAS. Which still creates warnings and needs for exceptions and so on rather than actually helping out.

But anyway, the point of this post was not about QNAP, (who beyond this little misstep makes a splendid product), but about how to disable the insecure password form warning in Firefox, and also how to re-enable password autofill on http sites again.

So. Here’s how to disable Firefox insecure password warnings:

  1. Open a new tab, paste about:config into the address bar.
  2. In the Search box at the top, paste insecure_field_warning.contextual.enabled
  3. Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.

To also restore autofill functionality, so saved login/password automatically populates in an HTTP form here’s how:

  1. In the Search Box on the about:config page, paste signon.autofillForms.http
  2. Double click the setting to change it to “true,” to enable autofill

And I believe the old joke on doing unsafe things you shouldn’t used to come with the warning “don’t do this at home!”… 😉

One thing I would like very much however is for Binero to come up with their planned support for free SSL-certificates through some 3rd party provider. (I believe Let’s Encrypt was mentioned in a comment to a blog post a while back but now I can no longer even find that specific blog post so it might have been deleted).

 

 

Advertisements

My cyber is now protected. But against what?

As much as I like Avast Antivirus, and after some getting used to I’m also starting to like Avast SafeZone browser (with a few horrid exceptions, like the handling of shortcuts and colors, and the annoying fact that when you launch one instance of the browser it launches 8 separate processes)

What I don’t like is not being informed in any way when new features affect the operating system. When SafeZone was added that was annoying, but it was “just” another browser, like so many other adware programs that tries to install their own plugins, addons, and whatnots.

But installing a Windows service is quite another thing, in my eyes. And when I’m not even sure why it’s being done, for what purpose, and when it’s actually protecting me (or what it’s protecting) then I get a bit more annoyed. And then I try to find out where the settings are, and how to deactivate the plugin.

avast-ids

So far I haven’t found its settings, and it’s not listed as an installed component within the Avast settings user interface, and neither is it listed among the Windows installed software, so it must be handled as a part of the main Avast installation itself, but I’ll get there in the end I hope.

And if I don’t I’ll just consider uninstalling Avast and go back to basic Windows Defender. It wouldn’t be the first time.

Upgraded to WordPress 4.7.1

I upgraded my sites to WordPress 4.7.1. No issues or unexpected problems so far.

I did note however that oddly enough one of the sites has received a rather unusual amount of visitors the last two days, especially considering there are no referrals and no new postings on it at the time. It also seems to have an increase in the stats for number of hacking attempts. But beyond that everything seems to be fine from what I can see.

All in one WordPress Security & Firewall

After the generic recommendations from Binero a few weeks ago for the “All in one WordPress Security & Firewall plugin” I decided to give it a try.

At first I implemented it only for one of my test blogs, but quickly noticed several nice features and proceeded to implement it on all my sites.

This worked really fine, and while I’ve only enabled a subset of the settings so far it seems to have some effect, since one of the things I did enable was the brute force login prevention, including the email stats for when someone is blocked. Little did I think it would be about 10-20 attempts per day, every day.

And while this may not be much in comparison, at least I assume larger sites have much more of this behavior, it was still comforting to see this is now being blocked. And yet, I am still somewhat uncertain how come there can be over 10-20 login attempts daily and no sign of these in the website statistics?

If they’re coming to the site they ought to show up in the stats, and if they’re not, how are they trying to login? Clearly I need to see if I can find out more on how the stats are actually collected.

Things I shouldn’t have tested in the last minute

I was planning to reduce the weight and leave the laptop at home, and only bring the Surface tablet to Tech-Ed. And I got the bright idea (or so it seemed at the time) that I would need work email on it as well as my private mail.

And it had completely slipped my mind that I had tried this once before, and it didn’t work then either. So I enabled email, it required setting of some policies, oh well, let’s accept those (I thought I should know the impact), and sync away.

The first problem to come up was that the mailbox is quite large and the sync is horrendously slow, not at all like on iPhone or iPad, but painfully slow. And once sync’ed it is even more painfully slow to actually try to switch mailboxes, quite unusably slow. But I thought I could live with that for a week. Until I noticed that the enforced policies had also removed by numeric pincode login and replaced it with the original 25 character randomized Windows Live account password. Which won’t really do at all in real life.

So, mailsync quickly removed, and now for the exciting task of (once more) trying a systems restore without loosing too much things. This time around I will make sure to write it down, in the hope that the next time I get the bright idea to try to use email on the Surface I will read here first and refrain from it…

Two days in Helsinki

Back home from a visit to Helsinki, mentally tiresome although very good meetings with some real sharp subject matter experts, (and some not so very sharp too).

Still I’m on the whole quite pleased with the trip, it gave a lot of valuable input on things working and things in dire need of attention and shaping up.

And I managed to catch almost 10 minutes walk and view of the town as well…

20121002-235209.jpg