Security Sprint – Firefox Profiles
We’re all busy people. A security sprint should take no more than two hours… which while long for a real sprint, it a mere blink of an eye when compared to the multi-year commitment that is proper security practice.
If you use Firefox as your primary browser, there’s a feature that you’re probably not taking proper advantage of. Firefox stores your personal data in a profile. This includes your bookmarks, passwords, cookies and add ons. The advantage here is that you can tune your Firefox configuration to what you’re doing… and somewhat segment your data.
For example, I have my normal browsing profile which includes a bare minimum number of add ons Adblock Plus, LongURL Mobile Expander, Web of Trust, BetterPrivacy, Cookie Safe and NoScript. Then, if I am conducting offensive security work, I use a profile that is loaded with some attack tools like SQL Inject Me and XSS Me. Similarly, when I’m doing web development or troubleshooting, I have a separate profile that loads Web Developer and Live HTTP Headers. This approach keeps my normal use fairly light and allows me to load the extensions that I need when I need them.
In theory, it also keeps my passwords and cookies a bit safer than usual. It’s not as secure as using a completely separate user account or even computer for doing dangerous activities, but it’s better than not doing anything at all.
To do build your own profiles, go here and launch the Profile Manager. Then, when you start Firefox, you will get dialog asking you which profile you wish to run. From there, it’s just a matter of picking which mode you wish to work in and selecting the appropriate profile before you start.