
Google Chrome in anonymity blunder

15 December 2009

The latest version of the Google Chrome browser is negating the efforts of anonymous browsing services to protect users' identities, according to bug reports.

Google Chrome is ignoring the requirement of anonymous browsing services such as Tor that DNS queries be routed through a proxy server. Instead, it is sending the queries directly from the local network, giving away the identity and location of computers whose users think they are anonymous.

Tor, developed by MIT academic Roger Dingledine, is an anonymous browsing service that passes packets - including DNS queries - through a series of participating anonymous browsing servers in a bid to hide the sender's identity from network snoopers. A computer making a request via the service sends its DNS request - which resolves a domain name to an IP address - through this system. This hides the originating address of the DNS query. However, if the DNS query is made directly from the local network, the identity is visible.

There are suggestions on the Google developer site that the issue may be caused by the Google Chrome DNS pre-fetching service, which is designed to speed up web requests. Some commenters report that the DNS exposure happens only when this service is turned on, while others suggest that it happens whenever Google Chrome is used, regardless of the setting.

Tor is available for use with other browsers. There are plug-ins for the open source Firefox browser, for example.
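To check a machine for the kind of exposure described above, the following added example (not part of the original article or of any Tor or Chrome code) scans packet records for DNS queries that leave the host directly instead of going to the local proxy. The record layout, the sample capture and the use of loopback port 9050 for the proxy are assumptions made for illustration.

```python
import ipaddress
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (used only for the constructed sample)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the first question name from a DNS message in RFC 1035 wire format."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("not a DNS query")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated name")
        length = payload[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(payload):
            raise ValueError("bad label")  # also rejects compression pointers
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def find_dns_leaks(packets):
    """List (destination, name) for each DNS query sent anywhere but loopback."""
    leaks = []
    for pkt in packets:
        if pkt["proto"] != "udp" or pkt["dport"] != 53:
            continue  # not a plaintext DNS query
        if ipaddress.ip_address(pkt["dst"]).is_loopback:
            continue  # assumption: loopback is the local anonymising proxy
        try:
            name = parse_qname(pkt["payload"])
        except ValueError:
            name = "<unparseable>"
        leaks.append((pkt["dst"], name))
    return leaks

# Constructed capture: proxied web traffic plus one query sent straight to a resolver.
SAMPLE = [
    {"proto": "tcp", "dst": "127.0.0.1", "dport": 9050, "payload": b""},
    {"proto": "udp", "dst": "127.0.0.1", "dport": 53, "payload": build_query("example.net")},
    {"proto": "udp", "dst": "192.0.2.53", "dport": 53, "payload": build_query("example.org")},
]

if __name__ == "__main__":
    for dst, name in find_dns_leaks(SAMPLE):
        print(f"DNS leak: {name} resolved directly via {dst}")
```

Any entry returned means the hostname was visible to the local network and the resolver, even though the page content itself travelled through the proxy.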
 

 

This article is featured in:
Application Security

 
