Safety  2024  2023  2022  2021  2020


Google's New Tracking Protection in Chrome Blocks Third-Party Cookies
15.12.23  Safety  The Hacker News


Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser.

The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy Sandbox at Google, said.

The tech giant noted that participants for Tracking Protection will be selected at random and that chosen users will be notified upon opening Chrome on either a desktop or an Android device.

The goal is to restrict third-party cookies (also called "non-essential cookies") by default, preventing them from being used to track users as they move from one website to the other for serving personalized ads.

While several major browsers like Apple Safari and Mozilla Firefox have either already placed restrictions on third-party cookies via features like Intelligent Tracking Prevention (ITP) and Enhanced Tracking Protection in Firefox, Google is taking more of a middle-ground approach that involves devising alternatives where users can access free online content and services without compromising on their privacy.


In mid-October 2023, Google confirmed its plans to "disable third-party cookies for 1% of users from Q1 2024 to facilitate testing, and then ramp up to 100% of users from Q3 2024."

Privacy Sandbox, instead of providing a cross-site or cross-app user identifier, "aggregates, limits, or noises data" through APIs like Protected Audience (formerly FLEDGE), Topics, and Attribution Reporting to help prevent user re-identification.

In doing so, the goal is to block third-parties from tracking user browsing behavior across sites, while still allowing sites and apps to serve relevant ads and enabling advertisers to measure the performance of their online ads without using individual identifiers.

"With Tracking Protection, Privacy Sandbox and all of the features we launch in Chrome, we'll continue to work to create a web that's more private than ever, and universally accessible to everyone," Chavez said.


Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails
1.12.23  Safety  The Hacker News


Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail.

"RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the project's description on GitHub.

"The RETVec model is trained on top of a novel character encoder which can encode all UTF-8 characters and words efficiently."

While huge platforms like Gmail and YouTube rely on text classification models to spot phishing attacks, inappropriate comments, and scams, threat actors are known to devise counter-strategies to bypass these defense measures.

They have been observed resorting to adversarial text manipulations, which range from the use of homoglyphs to keyword stuffing to invisible characters.

RETVec, which works on over 100 languages out-of-the-box, aims to help build more resilient and efficient server-side and on-device text classifiers, while also being more robust and computationally less expensive.

Vectorization is a methodology in natural language processing (NLP) to map words or phrases from vocabulary to a corresponding numerical representation in order to perform further analysis, such as sentiment analysis, text classification, and named entity recognition.

"Due to its novel architecture, RETVec works out-of-the-box on every language and all UTF-8 characters without the need for text preprocessing, making it the ideal candidate for on-device, web, and large-scale text classification deployments," Google's Elie Bursztein and Marina Zhang noted.

The tech giant said the integration of the vectorizer to Gmail improved the spam detection rate over the baseline by 38% and reduced the false positive rate by 19.4%. It also lowered the Tensor Processing Unit (TPU) usage of the model by 83%.

"Models trained with RETVec exhibit faster inference speed due to its compact representation. Having smaller models reduces computational costs and decreases latency, which is critical for large-scale applications and on-device models," Bursztein and Zhang added.


Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
27.11.23  Safety  The Hacker News

A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established.

The Secure Shell (SSH) protocol is a method for securely transmitting commands and logging in to a computer over an unsecured network. Based on a client-server architecture, SSH uses cryptography to authenticate and encrypt connections between devices.

A host key is a cryptographic key used for authenticating computers in the SSH protocol. Host keys are key pairs that are typically generated using public-key cryptosystems like RSA.

"If a signing implementation using CRT-RSA has a fault during signature computation, an attacker who observes this signature may be able to compute the signer's private key," a group of academics from the University of California, San Diego, and Massachusetts Institute of Technology said in a paper this month.

In other words, a passive adversary can quietly keep track of legitimate connections without risking detection until they observe a faulty signature that exposes the private key. The bad actor can then masquerade as the compromised host to intercept sensitive data and stage adversary-in-the-middle (AitM) attacks.

The researchers described the method as a lattice-based key recovery fault attack, which allowed them to retrieve the private keys corresponding to 189 unique RSA public keys that were subsequently traced to devices from four manufacturers: Cisco, Hillstone Networks, Mocana, and Zyxel.

It's worth noting that the release of TLS version 1.3 in 2018 acts as a countermeasure by encrypting the handshake that establishes the connection, thus preventing passive eavesdroppers from accessing the signatures.

"These attacks provide a concrete illustration of the value of several design principles in cryptography: encrypting protocol handshakes as soon as a session key is negotiated to protect metadata, binding authentication to a session, and separating authentication from encryption keys," the researchers said.

The findings come two months after the disclosure of Marvin Attack, a variant of the ROBOT (short for "Return Of Bleichenbacher's Oracle Threat") Attack which allows a threat actor to decrypt RSA ciphertexts and forge signatures by exploiting security weaknesses in PKCS #1 v1.5.


Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol
25.7.23 
Safety  The Hacker News
Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification.

"Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform," Giles Hogben, privacy engineering director at Google, said. "This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms."

The development comes as the Internet Engineering Task Force (IETF) released the core specification of the Messaging Layer Security (MLS) protocol as a Request for Comments (RFC 9420).

Some of the other major companies that have thrown their weight behind the protocol are Amazon Web Services (AWS) Wickr, Cisco, Cloudflare, The Matrix.org Foundation, Mozilla, Phoenix R&D, and Wire. Notably missing from the list is Apple, which offers iMessage.

MLS, as the name implies, is a security layer for end-to-end encryption that facilitates interoperability across messaging services and platforms. It was approved for publication as a standard by IETF in March 2023.

"MLS builds on the best lessons of the current generation of security protocols," IETF noted at the time. "Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as post-compromise security. And, like TLS 1.3, MLS provides robust authentication."

Central to MLS is an approach known as Continuous Group Key Agreement (CGKA) that allows multiple messaging clients to agree on a shared key that caters to groups in size ranging from two to thousands in a manner that offers forward secrecy guarantees regardless of the individuals who join and leave the group conversation.

"The core functionality of MLS is continuous group authenticated key exchange (AKE)," the standard document reads. "As with other authenticated key exchange protocols (such as TLS), the participants in the protocol agree on a common secret value, and each participant can verify the identity of the other participants."

"That secret can then be used to protect messages sent from one participant in the group to the other participants using the MLS framing layer or can be exported for use with other protocols. MLS provides group AKE in the sense that there can be more than two participants in the protocol, and continuous group AKE in the sense that the set of participants in the protocol can change over time."

This evolving membership is realized by means of a data structure called an asynchronous ratcheting tree, which is used to derive shared secrets among a group of clients. The goal is to be able to efficiently remove any member, achieving post-compromise security by preventing group messages from being intercepted even if one member was breached at some point in the past.

On the other hand, forward secrecy, which enables messages sent at a certain point in time to be secured in the face of later compromise of a group member, is provided by deleting private keys from past versions of the ratchet tree, thereby averting old group secrets from being re-derived.

Mozilla, which is hoping to see a standardization of a Web API to leverage the protocol directly via web browsers, said MLS is designed such that "the legitimacy of new members entering a group is checked by everyone: there is nowhere to hide."