Enhancing User Privacy: Google Introduces “IP Protection” Feature for Chrome Browser

Google is taking a significant step to ensure privacy for its users with the introduction of a new “IP Protection” feature designed for the Chrome browser. This feature, which relies on proxy servers, aims to mask users’ IP addresses to enhance privacy.

Why do we need this? IP addresses can be misused for covert tracking. They allow websites and online services to monitor activity across different platforms, which enables the creation of persistent user profiles. This invariably breaches the privacy of users because, unlike third-party cookies, IP tracking bypasses most available measures to avoid tracking.

However, the new IP Protection solution by Google addresses this concern head-on. The new feature will funnel third-party traffic from specific domains via proxy servers, hiding users’ IP addresses from these domains. This would enhance privacy while maintaining the necessary functionalities of the web.

Google will gradually evolve and refine the IP Protection feature to keep up with changes in the ecosystem. The feature will adapt to continuously shield users from cross-site tracking. As the program progresses, more domains will be added to the list of those with proxied traffic.

But how does one join this program? At the outset, the IP Protection feature will be optional, giving users the ability to control their privacy while Google observes behaviour trends. Google’s plan is to introduce the feature in phases, considering regional performance and facilitating a learning curve.

The first phase, known as “Phase 0,” centres on Google proxying requests to its domains through a unique proxy. This preliminary testing phase will allow Google to evaluate the infrastructure of the system while fine-tuning the domain list. To access these proxies, users need to be logged into Google Chrome and have US-based IPs.

In future phases, Google is considering adopting a 2-hop proxy system for enhanced protection. In this system, a second proxy would be run by an additional CDN, while Google runs the first hop. This way, neither proxy can view both the client IP address and the destination, increasing privacy protection.

However, Google is aware of potential cybersecurity threats associated with the new IP Protection feature. Traffic proxied through Google’s servers may make it harder for existing security and fraud prevention services to block DDoS attacks or detect invalid traffic. In a scenario where one of Google’s proxy servers is compromised, the attacker could view and manipulate the traffic flowing through it.

To mitigate this, Google is putting several measures in place. These include requiring users to authenticate with the proxy, preventing proxies from linking web requests to specific accounts, and introducing rate-limiting to thwart DDoS attacks.

Overall, while there may be potential security concerns, the “IP Protection” feature is a significant step forward in the constant battle for user privacy. As the digital world continues to evolve, necessary measures like these help ensure that privacy isn’t left by the wayside.

Related Articles:

https://www.bleepingcomputer.com/news/google/google-chromes-new-ip-protection-will-hide-users-ip-addresses/
https://isp.page/news/google-chromes-new-ip-protection-will-hide-users-ip-addresses/

“Critical Vulnerability Discovered in Synology’s DiskStation Manager Software: Reminder of the Ongoing Challenges in the Digital World”

A recently identified medium-severity flaw in Synology’s DiskStation Manager (DSM) could potentially be exploited by cyber attackers to gain unfettered access to administrator accounts. The vulnerability, known by the identifier CVE-2023-2729, enables attackers to leak information necessary to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account. This was revealed in a report by Sharon Brizinov from Claroty, a cybersecurity specialist.

Synology has responded to this issue by rolling out updates to address this flaw in June 2023. However, the inherent problem lies in the software’s reliance on a weaker random number generator that employs the JavaScript method Math.random() to formulate the admin password for the network-attached storage (NAS) device.

This issue is commonly known as insecure randomness. It occurs when a function that can yield predictable values, or that does not possess enough entropy, is used as a source of randomness in a security context. This makes it possible for attackers to crack the encryption and undermine the integrity of sensitive information and systems.

Because of this flaw, a threat actor could potentially predict the generated password and gain access to functions otherwise restricted. A successful attack hinges on the attacker first extracting a few Globally Unique Identifiers (GUIDs). These are generated using the same method during the setup process, allowing the attacker to reconstruct the seed for the PRNG.

“By leaking the output of a few Math.Random() generated numbers, it was possible to reconstruct the seed for the PRNG and use it to brute-force the admin password,” Brizinov explained. “Finally, we were able to use the password to log in to the admin account (after enabling it).”

However, Brizinov emphasized that to pull off a successful attack, the cybercriminal would first need to leak the mentioned GUIDs, brute force the Math.random state, and acquire the admin password. But, even after successfully doing so, the built-in admin user account is disabled by default, and most users don’t usually enable it.

It is important to note that Math.random() does not generate cryptographically secure random numbers and should not be used for anything related to security. Brizinov recommends using the Web Crypto API instead, and specifically the window.crypto.getRandomValues() method.
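The recommendation above, as an added example that is not Synology's or Claroty's code: a password generator built on Math.random() beside one built on getRandomValues() with rejection sampling. The alphabet, function names and the injectable `rng` parameter are assumptions made for illustration.

```javascript
// Added example: weak vs. hardened password generation (not Synology's code).
// Web Crypto is global in browsers and current Node; older Node exposes it
// as require('node:crypto').webcrypto.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Assumed alphabet for illustration (look-alike characters removed).
const ALPHABET =
  'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

// WEAK: Math.random() output is predictable once its state is recovered.
function weakPassword(length, alphabet = ALPHABET) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[Math.floor(Math.random() * alphabet.length)];
  }
  return out;
}

// HARDENED: bytes come from the CSPRNG; rejection sampling removes the
// modulo bias that `byte % alphabet.length` alone would introduce.
// `rng` is injectable only so the sampling logic can be tested.
function securePassword(length, alphabet = ALPHABET,
                        rng = (buf) => webcrypto.getRandomValues(buf)) {
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must have 2..256 symbols');
  }
  // Largest multiple of alphabet.length that fits in one byte.
  const limit = 256 - (256 % alphabet.length);
  const buf = new Uint8Array(length * 2);
  const out = [];
  while (out.length < length) {
    rng(buf);
    for (const b of buf) {
      if (out.length === length) break;
      if (b < limit) out.push(alphabet[b % alphabet.length]);
    }
  }
  return out.join('');
}

// Upper bound on password entropy, reached only with a uniform CSPRNG.
function entropyBits(length, alphabetSize = ALPHABET.length) {
  return length * Math.log2(alphabetSize);
}
```

The same rule applies to GUIDs, session tokens and any other value an attacker must not be able to guess: generate them from the CSPRNG, never from Math.random().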

The vulnerability in Synology’s DSM software highlights the ongoing challenges faced by all in the digital world. It is a strong reminder of the importance of regularly updating software to stay ahead of potential vulnerabilities and threats.

“HTTP/2 Rapid Reset: Unprecedented DDoS Attack Shakes Cybersecurity Landscape”

There’s been a shift in the cybersecurity landscape, rocking the pillars of the internet. I am talking about the profound impact of a new Distributed Denial of Service (DDoS) method that has emerged and is making all of the previous attack records seem like jokes.

This innovative method, named ‘HTTP/2 Rapid Reset,’ has been buzzing in the tech underworld since late August. If the reported numbers give you chills, it’s because they represent an entirely new level of internet threats, with attacks hitting the 200-398 million requests per second range, something previously unheard of.

Let’s break it down: what exactly is this HTTP/2 Rapid Reset? Clever in its simplicity, it abuses protocol features designed to limit overloading servers with too many active streams. Instead of acting nicely, hackers are leveraging the ‘request cancellation’ feature of HTTP/2 to choke servers with endless streams of requests. Here’s the sneaky bit: they then promptly cancel these requests, forcing servers to deal with a literal ocean of resets. The result is like a freeway during rush hour: complete gridlock.

The cunning simplicity of the attack means it’s tough to mitigate effectively, with folks over at Cloudflare noting that it managed to strain their system even before the requests could reach the point of blocking. However, tech giants are already armoring up to deal with this menace. Cloudflare’s particularly proud of its ‘IP Jail’ system, which temporarily bars misbehaving IPs from using HTTP/2 on any Cloudflare domain.

Amazon and Google have also sprung into action, with Amazon maintaining the availability of its customer services despite the onslaught. All three industry leaders suggest boosting DDoS resilience and using all on-hand HTTP-flood protection tools to weather the storm. Software developers are on the case too. They’re implementing rate controls to reduce the impact of HTTP/2 Rapid Reset attacks.
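One shape such a rate control can take, as an added example that is not code from Cloudflare, Amazon, Google or any server project: a per-connection sliding-window guard that counts client-cancelled streams and signals when the connection should be closed. The class name, thresholds and both traces are constructed for illustration.

```javascript
// Added example: per-connection guard against client-cancelled HTTP/2 streams.
// Thresholds are assumed values for illustration, not any vendor's defaults.
class ResetRateGuard {
  constructor({ windowMs = 1000, maxResets = 100,
                maxResetRatio = 0.5, minStreams = 20 } = {}) {
    Object.assign(this, { windowMs, maxResets, maxResetRatio, minStreams });
    this.opened = []; // timestamps (ms) of streams the client opened
    this.resets = []; // timestamps (ms) of client-sent RST_STREAM frames
  }

  // Forget events that have fallen out of the sliding window.
  _expire(now) {
    const cutoff = now - this.windowMs;
    for (const q of [this.opened, this.resets]) {
      while (q.length && q[0] <= cutoff) q.shift();
    }
  }

  streamOpened(now) { this._expire(now); this.opened.push(now); return this.verdict(); }
  clientReset(now) { this._expire(now); this.resets.push(now); return this.verdict(); }

  // 'close' means: stop serving this connection (e.g. send GOAWAY).
  verdict() {
    const opened = this.opened.length;
    const resets = this.resets.length;
    if (resets > this.maxResets) return 'close';
    if (opened >= this.minStreams && resets / opened > this.maxResetRatio) return 'close';
    return 'ok';
  }
}

// Feed a constructed trace of [timestampMs, 'open' | 'reset'] events.
function replay(trace, guard = new ResetRateGuard()) {
  for (const [t, ev] of trace) {
    const v = ev === 'open' ? guard.streamOpened(t) : guard.clientReset(t);
    if (v === 'close') return { verdict: 'close', at: t };
  }
  return { verdict: 'ok', at: null };
}

// Constructed sample: 30 streams over 3 s, two cancelled by the user.
const browsingTrace = Array.from({ length: 30 }, (_, i) =>
  [10, 20].includes(i) ? [[i * 100, 'open'], [i * 100 + 50, 'reset']] : [[i * 100, 'open']]
).flat();

// Constructed sample: every stream is cancelled as soon as it is opened.
const cancelHeavyTrace = Array.from({ length: 200 }, (_, i) =>
  [[i, 'open'], [i, 'reset']]).flat();
```

The ratio check needs a minimum stream count so that a user who cancels one of two requests is not penalised; the absolute cap catches connections that stay under the ratio but still reset at volume.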

But, you may be thinking, isn’t there a straightforward fix? It’s not that simple. Since this method goes for the jugular of the HTTP/2 protocol itself, it isn’t a case of patching a single loophole, but rather mitigating the abuse of the protocol’s inherent feature.

In a world where web security matters more than ever, anybody who uses the internet would be wise to stay informed about these new developments. As we become increasingly dependent on technology in our everyday lives, staying one step ahead of hackers and cyber threats must be a priority. Trust me, folks; you’ll thank me when your favorite eCommerce store is still operational and not stuck in traffic on the data highway.

“Critical Security Flaw in WS_FTP Server Exposes Millions to Cyber Attacks: Urgent Action Required”

Progress Software has unveiled hotfixes to address a critical security vulnerability and seven other potential threats in the WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server manager interface.

The most severe security flaw, registered as CVE-2023-40044 with a CVSS score of 10.0, affects every variant of the software. On WS_FTP Server versions earlier than 8.7.4 and 8.8.2, a pre-authenticated attacker could exploit a .NET deserialization bug in the Ad Hoc Transfer module. This flaw allows the attacker to execute remote commands on the underlying WS_FTP Server operating system. Security researchers Shubham Shah and Sean Yeoh have been recognized for discovering and reporting this vulnerability.

The remaining vulnerabilities, impacting WS_FTP Server versions prior to 8.8.2, are:

1. CVE-2023-42657 (CVSS score: 9.9): A directory traversal risk that could allow the execution of file operations.
2. CVE-2023-40045 (CVSS score: 8.3): A reflected cross-site scripting (XSS) vulnerability in WS_FTP Server’s Ad Hoc Transfer module that could be used to execute arbitrary JavaScript.
3. CVE-2023-40047 (CVSS score: 8.3): A stored XSS vulnerability exists in WS_FTP Server’s Management module that could be exploited to trigger XSS payloads in the victim’s browser.
4. CVE-2023-40046 (CVSS score: 8.2): An SQL injection vulnerability that could extract database information and execute SQL statements altering or deleting its contents.
5. CVE-2023-40048 (CVSS score: 6.8): A cross-site request forgery (CSRF) vulnerability in WS_FTP Server Manager interface.
6. CVE-2022-27665 (CVSS score: 6.1): A reflected XSS vulnerability that can lead to execution of malicious code.
7. CVE-2023-40049 (CVSS score: 5.3): An authentication bypass vulnerability allowing users to enumerate files.

The cybersecurity community urges users of Progress Software to take immediate action to apply these security patches given the recent interest in these flaws by ransomware groups such as Cl0p.

Progress Software is currently addressing issues associated with a widespread hack affecting its MOVEit Transfer secure file transfer platform. This hack, which took place in May 2023, affected over 2,100 organizations and more than 62 million individuals.

In conclusion, CVE-2023-40044 is highlighted as a common .NET deserialization issue leading to RCE. It’s surprising that this bug persisted for so long, given that the majority of WS_FTP versions are vulnerable. Rapid action is needed to apply the fixes to mitigate the risks associated with these cybersecurity vulnerabilities.