“[Expletive deleted – this is a family-friendly show], what happened to my post?” Lazarus to the rescue!
The popular Firefox add-on (there is a Chrome version too) keeps a database of your posts so that even if for some reason the site you were posting on “disappears” while you were making your post (like a session ending enabled by a cookie), you can go back, go to the posting window and use Lazarus to recover the text that you had typed.
(There is another Firefox add-on called “Textarea Cache” . . . that does essentially the same thing, but the GUI is different, the method to recover text is different, and it’s not nearly as popular as Lazarus.)
Now Lazarus uses an encrypted database, so ostensibly there is no security risk.
But, if you suffer from paranoid fantasies of hackers (“crackers” is the more precise term, but the common usage of “hacker” has come to mean those that maliciously twist the code on your machine, though there are actually “good” hacks) constantly trying to penetrate your machine, like I do, encrypted SQLite databases (which is what Lazarus maintains in your FF profile) CAN be penetrated.
As Steve Gibson, the security guru, is fond of saying, “There is no such thing as 100% security”, unless of course you never get on the Internet and encase your machine in concrete . . . absurd of course.
And I agree with Gibson. The best you can do is minimize your risk. An antivirus, a router, a software firewall, a sandbox . . . in Windows, a VM in Linux for browsing, a HIPS (“Host Intrusion Prevention System”), etc., can all be used and you can STILL suffer an infection.
Now it’s pretty unlikely with all those security measures in place, and you have reduced your risk to minimal compared to most, but there is never any guarantee.
So before the Lazarus developers jump on this, let me say the encrypted Lazarus SQLite database is pretty darn secure.
Nevertheless, a hacker (cracker?) with a SQLite db browser (FF has an add-on for that, plus there are several stand-alone ones), sufficient knowledge of SQLite db’s and encryption techniques, and a LOT of patience, can penetrate the Lazarus database. It is highly unlikely that it will happen, but possible.
What sensitized me to this was that I noticed the Lazarus “search” function reveals a lot of info you may not want revealed.
Right click the icon in your Firefox status bar and click on “Search Lazarus…”
That will give you the search window:
As you can see by the sample above, there’s some data I wouldn’t want other people to see (though again in the db itself it’s encrypted, so it’s unlikely they would unless I allowed a hacker into an RA session and they viewed my screen . . . also unlikely), and also there’s a URL history of my “tracks”.
What alarmed me the most was the URL history. After most sessions, I manually clear my URL history (now and then I don’t, but that’s pretty rare).
NO . . . I’m NOT saying you should dump Lazarus. On the contrary, it’s a very useful add-on and indeed I use it.
But what this alerted me to is that if I’m going to go to the trouble of removing my “tracks” by deleting my history, I should also remove the Lazarus db to be consistent:
And if you choose to keep a backup, go into your FF profile and manually delete that too. (In Linux, the file is “lazarus-backup.sqlite”).
This can be tedious doing it every time (I don’t know if there’s a way to automate this . . . maybe a script or a Lazarus developer can make a comment here), but since the db is encrypted I restrain my paranoia and do it maybe once a week or more often if the db is full of sensitive info I don’t want to risk.
Again, I’m not bashing Lazarus, and their db is very secure, but if you’re a stickler for loose ends and details like I am, you may be able to use this heads-up.
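The post wonders whether this cleanup could be scripted. One way to do it on Linux, as an added example that is not from the post's author or the Lazarus developers: it assumes profiles live under `~/.mozilla/firefox` and that the Lazarus files match `lazarus*.sqlite` (the post names only `lazarus-backup.sqlite`); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post or the Lazarus project.
# Assumptions: Linux profile root ~/.mozilla/firefox, and Lazarus files
# matching lazarus*.sqlite (the post names only lazarus-backup.sqlite).

# Succeeds (0) if a Firefox process is running. With the browser open, the
# add-on can keep writing to, or recreate, the database being removed.
firefox_running() {
    command -v pgrep >/dev/null 2>&1 && pgrep -x firefox >/dev/null 2>&1
}

# purge_lazarus [PROFILE_ROOT]
# Deletes the Lazarus databases in every profile under PROFILE_ROOT and
# prints each removed path. Returns 2 if PROFILE_ROOT does not exist.
purge_lazarus() {
    root="${1:-$HOME/.mozilla/firefox}"
    if [ ! -d "$root" ]; then
        echo "purge_lazarus: no profile directory at $root" >&2
        return 2
    fi
    # The trailing * also matches SQLite side files (-journal, -wal, -shm),
    # which can hold copies of the same rows as the main database.
    find "$root" -maxdepth 2 -type f -name 'lazarus*.sqlite*' \
        -print -exec rm -f -- {} \;
}

# Typical use after clearing history:
#   if firefox_running; then echo "close Firefox first"; else purge_lazarus; fi
```

Run it with Firefox closed; other profile files such as `places.sqlite` are left untouched.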
Thank you dear friend, you have an amazing collection of information. I liked reading your articles and it proved very valuable to me. I will keep visiting your blog for regular updates!!! I have already subscribed to your blog
@ free mp3,
Thank you very much . . . it is always satisfying to read feedback like this.
One slight correction though (and please don’t take this as abusive.)
It is NOT “My” blog . . . I am just a guest writer. The blog is owned, operated, and designed by Frank Jovine.
Nevertheless, I agree with you. Frank does a good job with this thing, and I’m sure he’s glad you have subscribed to TechJaws.
Thanks again.
BJ
Job well done! Excellent informative post about Lazarus. Hope you can post more informative articles.