I’m one of those who still greatly prefer Mozilla’s Firefox over Google’s Chrome browser. There are several reasons for this, but none of them are important for this post. What is important, is one feature that has been pissing me off for the past few versions of Firefox. The session restore.
This function makes sense on the surface; If you crash, you normally want to get right back to where you were with the smallest amount of effort, and the session restore seems to offer this. The problem for me though is, at least in Linux, Firefox crashes all the time as a result of the piss-poor flash support (thanks Adobe!). Add to that, that I normally have at least 10 tabs open in a good browsing sessions and you have a recipe for repeated mild irritation.
Every time Firefox crashes, which is daily at least under my normal use, I start it back up and it dutifully begins attempting to restore my session. This process, while sometimes helpful, can take a really long time to complete. If you have 10 tabs open to different sites, and each one of those sites pulls content from 5-15 different hosts around the Internet (to serve ads, images, media, etc.) you’re going to have to wait for all of those DNS lookups, Connections, Downloading the content, and of course rendering it. This can take up to 60 seconds before the browser if ready to go, and it has been driving me insane since the feature was released in a previous Firefox version. There are also security and privacy concerns that don’t really bother me to much given my usage, but may be a real problem for some folks.
Disable the Session Restore
There are posted guidelines on how to disable the session restore feature. Most of these involve editing the about:config settings around the browser.sessionstore node. This had worked okay for me in the past. The problem I’ve found in recent versions is that, even setting :
browser.sessionstore.max_tabs_undo;0 browser.sessionstore.max_windows_undo;0 browser.sessionstore.resume_from_crash;false
in about:config does not seem to prevent Firefox 11 from attempting to restore tabs after a crash.
The only solution I’ve found so far is to create an empty session by loading up firefox with one single empty tab, saving the session by exiting the browser from the menu, and then setting the session store file to read-only from then on.
chmod 440 ~/.mozilla/firefox/[profile.name]/sessionstore.js
This will of course break the “Undo Close Tab” function in Firefox (ctrl+shift+T) but that to me was a small price to pay for removing this annoyance from my beloved browser.
Today I received what a appeared to be a very authentic E-mail from PayPal asking me to login and agree to a new communications policy. The message was from a paypal source, contained accurate personal information about me (First and Last Name) and seemed innocuous enough as you can see here
The links in this message however, were to a very sketchy domain ” paypal-communication.com “. Curious, I went to the site and was very surprised to see the green “extended validation” emblem in my browser’s address bar. I looked at the certificate, and much to my surprise this phishing domain had a very valid SSL certificate (an “EV” certificate no less) signed by Verisign, Inc. for PayPal, Inc. See for yourself:
At this point I checked the whois information, and sure enough:
Registrant: Host Master PayPal, Inc. 2145 E. Hamilton Avenue San Jose CA 95125 US email@example.com +1.4083767400 Fax: +1.4083767514 Domain Name: paypal-communication.com Registrar Name: Markmonitor.com Registrar Whois: whois.markmonitor.com Registrar Homepage: http://www.markmonitor.com Administrative Contact: Domain Administrator eBay Inc. 2145 Hamilton Avenue San Jose CA 95125 US firstname.lastname@example.org +1.4083767400 Fax: +1.4083767514 Technical Contact, Zone Contact: Host Master PayPal Inc. 2211 North First Street San Jose CA 95131 US email@example.com +1.4083767400 Fax: Created on..............: 2011-04-06. Expires on..............: 2013-04-05. Record last updated on..: 2011-04-20. Domain servers in listed order: ns1.isc-sns.net ns2.isc-sns.com ns3.isc-sns.info
The domain is less than a month old. Clearly this is a phishing scam, and I’m now doubly glad I didn’t give them any information, but how did they get a valid SSL certificate signed by Verisign?
I sent an inquiry to PayPal customer service and got a simple canned response thanking me for alerting them, stating it was in fact a phishing scam, and telling me they will look into shutting the site down. No mention of the bogus SSL cert.
Let this be yet another reminder to be always vigilant guarding your personal information online, and doubly so with anything related to your banking or financial information.
Welcome back to LinuxEvolution. Over the years this site has been many things to many people, now it is just my humble blog.