1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Google has a new way to try and stop cookie theft leading to poss

    From TechnologyDaily@1337:1/100 to All on Wed Apr 3 14:45:05 2024
    Google has a new way to try and stop cookie theft leading to possible cyberattacks

    Date:
    Wed, 03 Apr 2024 14:35:07 +0000

    Description:
    New Google security initiative aims to bind the cookies to the device, rather than the browser.

    FULL STORY ======================================================================

    Google wants to put an end to browser cookie theft by making todays cookies practically worthless.

    In an announcement on its Chromium blog, Google revealed it is working on a new model that binds user sessions to the actual devices, rather than the browser . That should give antivirus solutions and other endpoint protection tools a better fighting chance against hackers.

    Lately, cookies have become a popular target for threat actors, as they grant access to various accounts, even with multi-factor authentication (MFA) enabled. They can be extracted with infostealing malware and, even if a subsequent antivirus scan removes it, will remain active and useful to the attackers. Substantial reduction

    To tackle the problem, Googles engineering team is working on something they call Device Bound Session Credentials (DBSC), a new web capability that will help keep users more secure against cookie theft.

    The project is being developed in the open at github.com/WICG/dbsc , Google said, adding that the goal is for the project to become an open web standard.

    BDSC will bind authentication sessions to the actual device, rendering
    cookies practically worthless. We think this will substantially reduce the success rate of cookie theft malware, Google said. Furthermore, for account theft to work in the new environment, the attackers would need to act
    locally, on the device, which will be somewhat more difficult due to
    antivirus and other protection tools.

    Finally, Google added that many server providers, identity providers, and browsers, said they were interested in the project, as well. We are engaging with all interested parties to make sure we can present a standard that works for different kinds of websites in a privacy preserving way.

    Eliminating cookie theft would definitely improve the security standing of many organizations, but were fairly certain threat actors would again find a way to compromise user accounts. More from TechRadar Pro Google tries to downplay cookie security risk as nothing new Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-has-a-new-way-to-try-and-stop-co okie-theft-leading-to-possible-cyberattacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)