LinuxEvolution

Disabling the “Restore tabs after crash” functionality of Mozilla Firefox 11.0 in Linux

I’m one of those who still greatly prefer Mozilla’s Firefox over Google’s Chrome browser. There are several reasons for this, but none of them are important for this post. What is important, is one feature that has been pissing me off for the past few versions of Firefox. The session restore.

This function makes sense on the surface; If you crash, you normally want to get right back to where you were with the smallest amount of effort, and the session restore seems to offer this. The problem for me though is, at least in Linux, Firefox crashes all the time as a result of the piss-poor flash support (thanks Adobe!). Add to that, that I normally have at least 10 tabs open in a good browsing sessions and you have a recipe for repeated mild irritation.

Every time Firefox crashes, which is daily at least under my normal use, I start it back up and it dutifully begins attempting to restore my session. This process, while sometimes helpful, can take a really long time to complete. If you have 10 tabs open to different sites, and each one of those sites pulls content from 5-15 different hosts around the Internet (to serve ads, images, media, etc.) you’re going to have to wait for all of those DNS lookups, Connections, Downloading the content, and of course rendering it. This can take up to 60 seconds before the browser if ready to go, and it has been driving me insane since the feature was released in a previous Firefox version. There are also security and privacy concerns that don’t really bother me to much given my usage, but may be a real problem for some folks.

 

Disable the Session Restore

There are posted guidelines on how to disable the session restore feature. Most of these involve editing the about:config settings around the browser.sessionstore node. This had worked okay for me in the past. The problem I’ve found in recent versions is that, even setting :

 

browser.sessionstore.max_tabs_undo;0
browser.sessionstore.max_windows_undo;0
browser.sessionstore.resume_from_crash;false

 

in about:config does not seem to prevent Firefox 11 from attempting to restore tabs after a crash.

The only solution I’ve found so far is to create an empty session by loading up firefox with one single empty tab, saving the session by exiting the browser from the menu, and then setting the session store file to read-only from then on.

chmod 440 ~/.mozilla/firefox/[profile.name]/sessionstore.js

This will of course break the “Undo Close Tab” function in Firefox (ctrl+shift+T) but that to me was a small price to pay for removing this annoyance from my beloved browser.

PayPal Phishing Site with Valid SSL Certificate

Today I received what a appeared to be a very authentic E-mail from PayPal asking me to login and agree to a new communications policy. The message was from a paypal source, contained accurate personal information about me (First and Last Name) and seemed innocuous enough as you can see here

 

The links in this message however, were to a very sketchy domain ” paypal-communication.com “. Curious, I went to the site and was very surprised to see the green “extended validation” emblem in my browser’s address bar. I looked at the certificate, and much to my surprise this phishing domain had a very valid SSL certificate (an “EV” certificate no less) signed by Verisign, Inc. for PayPal, Inc. See for yourself: 

 

 

 

 

 

At this point I checked the whois information, and sure enough:



Registrant:

Host Master
PayPal, Inc.
2145 E. Hamilton Avenue
San Jose CA 95125
US

hostmaster@ebay.com +1.4083767400 Fax: +1.4083767514

Domain Name: paypal-communication.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com

Administrative Contact:

Domain Administrator
eBay Inc.
2145 Hamilton Avenue
San Jose CA 95125
US

hostmaster@ebay.com +1.4083767400 Fax: +1.4083767514

Technical Contact, Zone Contact:

Host Master
PayPal Inc.
2211 North First Street
San Jose CA 95131
US

hostmaster@ebay.com +1.4083767400 Fax:

Created on..............: 2011-04-06.
Expires on..............: 2013-04-05.
Record last updated on..: 2011-04-20.

Domain servers in listed order:

ns1.isc-sns.net
ns2.isc-sns.com
ns3.isc-sns.info

The domain is less than a month old. Clearly this is a phishing scam, and I’m now doubly glad I didn’t give them any information, but how did they get a valid SSL certificate signed by Verisign?

I sent an inquiry to PayPal customer service and got a simple canned response thanking me for alerting them, stating it was in fact a phishing scam, and telling me they will look into shutting the site down. No mention of the bogus SSL cert.

Let this be yet another reminder to be always vigilant guarding your personal information online, and doubly so with anything related to your banking or financial information.

Back Online

Welcome back to LinuxEvolution. Over the years this site has been many things to many people, now it is just my humble blog.