Explore top 10 tips to secure your open-source projects now. Read More
×Security vulnerabilities in Google's login systems have been uncovered, enabling researchers to bypass Google's protections and access user accounts by obtaining login cookies. These findings raise concerns about the effectiveness of cookie-based authentication and the security of Google accounts in general. . Malicious hackers could exploit these types of vulnerabilities to access sensitive user information across Google services. Users should enable two-factor authentication on their accounts for better protection beyond just username and password. Overall, these findings serve as a reminder that even large tech companies like Google have vulnerabilities that could put users' data at risk if exploited. What Are the Implications of This Issue? This news has serious implications for open-source users and Linux system administrators worldwide. With over 4 billion Google users worldwide, the security of Google accounts affects a massive portion of the global population. If threat actors can bypass 2FA and authentication cookies to access Google accounts, sensitive personal and corporate data could be compromised. In this recent exploit, 2FA codes and login cookies can be intercepted through malware or malicious apps, enabling cybercriminals to steal login credentials from Google accounts. Even security-conscious users diligent about app permissions are still at risk if zero-days or supply chain attacks can sneak malware onto devices. For organizations allowing BYOD policies and access to internal systems through Google Workspace, this vulnerability could enable hackers to infiltrate corporate networks. System admins need to weigh the risks of continuing to allow Google authentication versus enforcing more strict internal controls. Revoking Google access would harm productivity and user experience, but the security trade-off may be necessary. On an individual level, accounts linked to Google, like Gmail, Drive, Photos, and more, contain highly sensitive information. If hackers can bypasssafeguards like 2FA, then private emails, documents, personal photos, search history, and account details could be up for grabs. Users may no longer be able to rely on Google's security, so they must take measures to encrypt data, use unique passwords, and enable other account safeguards. This news means additional effort is required to keep our digital lives secure. What Can You Do to Protect Your Google Account? Google's recommendations focus on enabling two-factor authentication and using a password manager, but there are some additional steps you can take as a security-conscious user: Use a unique, complex password for your Google account. A long, random string of letters, numbers, and symbols will be much harder to crack. Never reuse passwords across different accounts. If one service experiences a breach, you don't want your other accounts compromised. Consider using a hardware security key as your second authentication factor instead of a code sent via SMS. Hardware keys are more secure. Be vigilant against phishing attempts trying to steal your Google login credentials. Google will never spontaneously ask for your password. Limit the number of devices logged into your Google account. Each one increases the attack surface. Carefully review permissions granted to less trustworthy third-party apps connected to your Google account. Revoke anything suspicious. Monitor recent activity on your account through your account security settings. Quickly revoke any sessions you don't recognize. Turn on enhanced safe browsing protection. This can warn you of risky sites trying to phish credentials or serve malware. Keep your devices updated with the latest security patches to mitigate vulnerabilities. Use a reputable antivirus program and scan regularly for malware infections that could compromise your saved passwords. Future Outlook The future implications of this browser cookie vulnerability areconcerning. As the internet landscape evolves, we must consider how browser security may struggle to keep up. This cookie-based attack demonstrates larger systemic weaknesses that malicious actors can continue exploiting. As browsers add more functionality and third-party integrations, they open new vectors for potential abuse. We may see more sophisticated social engineering tactics manipulating unassuming users into enabling insecure browser settings. Multi-factor authentication helps but remains inconsistent across platforms. And as Machine Learning improves, AI-driven attacks pose emerging threats. This cookie issue spotlights the ever-escalating arms race of security versus hacking. We should encourage proactive collaboration between ethical hackers and browser vendors to identify vulnerabilities before they become exploits. But realistically, there will always be unknown risks. Users must stay vigilant in best security practices while developers strive for preventative system designs. Though an uphill battle, building a culture of digital responsibility from the ground up may prove our best long-term solution. Our Final Thoughts on Your Security as a Google User Looking at the big picture, this issue brings light to several critical points: User passwords and sensitive information can still be vulnerable even after a device or browser is restarted. Cookies allowing access to accounts can persist in browser caches. The privacy and security implications of this are far-reaching. Users may believe their accounts are protected after restarting their device when, in fact, cached login cookies leave them exposed. Companies like Google must be more transparent about cookie caching and account access persistence through restarts. The onus shouldn't just be on the user to know about this vulnerability. There is a lot still unknown about the extent of the problem across various browsers and systems. More research is needed to assess the scope of the issue. Enhanced privacy controls, like automatic cookie clearing on restart, may need to become default settings in major browsers. Relying on users to manually enable these features creates unwanted exposure. Users should be empowered to protect themselves through education and awareness around this concern. Understanding the risks is the first step toward mitigating them. The ability to access accounts through cached browser cookies even after a restart is a startling discovery that warrants further scrutiny, discussion, and action from both technology companies and security advocates. At minimum, it shines a light on an understated threat to user privacy in desperate need of being brought to the forefront. While Google claims the risks users face are overstated, the findings reveal vulnerabilities that could allow hackers to access accounts easily. It's concerning that Google's statement downplays the severity of the exploit. Though they claim the attack requires special software or physical access to a device, experts argue it demonstrates fundamental issues with passwordless logins dependent on cookies. At a minimum, users should enable two-factor authentication as an additional account safeguard. But there’s likely pressure on Google to address the underlying cookie and security concerns. Though inconvenient, returning to password logins may better protect accounts from potential remote hacks. Final thoughts remain around how much users can actually trust assurances from tech companies regarding account security. Findings like this shake confidence in cookie-based authentication systems. Users may need to take a more cautious approach, even if it means added login steps. . Malicious actors might take advantage of such weaknesses to infiltrate user information spanning various Google services, presenting significant dangers.. Google Account Security, Authentication Threats, User Data Protection. . LinuxSecurity.com Team
NTP, the much maligned protocol abused in a number of high volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed. . The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an advisory warning of the two vulnerabilities, which were patched in ntp-4.2 8p2. The link for this article located at ThreatPost is no longer available. . The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mello. maligned, protocol, abused, number, volume, attacks, suffer. . LinuxSecurity.com Team
In the wake of a researcher's public disclosure of flaws in Siemens products that could let an attacker take over a control system without even knowing the username and password, Siemens today said it will issue security updates in January to fix product vulnerabilities. . Security researcher Billy Rios on Tuesday posted details in his blog of some of the vulnerabilities he and fellow researcher Terry McCorke had found and reported to the ICS-CERT and Siemens in May. Siemens confirmed it was in the process of fixing the flaws today after Rios cried foul when the company appeared to deny the existence of the vulnerabilities that he and fellow researcher Terry McCorke had been working with the company on fixing. The link for this article located at Dark Reading is no longer available. . Security researcher Billy Rios on Tuesday posted details in his blog of some of the vulnerabilities . researcher's, public, disclosure, flaws, siemens, products, attac. . LinuxSecurity.com Team
Attackers able to get their hands on a Dropbox configuration file would be able to access and download any files a user synchronises through the service without betraying any signs of compromise, a security researcher has discovered.. Derek Newton discovered that a Dropbox authentication token, stored in a config file of the Dropbox directory of a Windows PC, allows access to an associated account with the file-synchronisation service The link for this article located at The Register UK is no longer available. . Derek Newton discovered that a Dropbox authentication token, stored in a config file of the Dropbox . attackers, their, hands, dropbox, configuration, would, downlo. . LinuxSecurity.com Team
A bug was recently uncovered in Firefox that could allow a malicious Web site to appear authentic. The bug affects the way Firefox handles writing to the "location.hostname" DOM property, according to a posting by security researcher Michal Zalewski on the security mailing list Full Disclosure. The vulnerability could potentially allow a malicious Web site to manipulate the authentication cookies for a third-party Web site. . By bypassing same-origin policy, attackers can possibly tamper with the way these sites are displayed or how they work. For users, this means the bug could allow for the browser to appear as if the user were connecting to a bank, when in fact the user would instead be receiving data from an attacker. The link for this article located at eWeek is no longer available. . By bypassing same-origin policy, attackers can possibly tamper with the way these sites are displaye. recently, uncovered, firefox, allow, malicious, appear, authentic. . LinuxSecurity.com Team
You might remember my previous posting on websites that insist on sending your username and password credentials over the internet in plain text (in other words, anyone in between you and the destination web server can 'sniff' these credentials if they know what they are doing). This article created a substantial amount of feedback from both users and website owners. Some agreed to modify their authentication methods, some accused me working for their competition. No, I'm not making that up. . The truth of the matter is that there are more 'popular' sites out there that still insist on sending login credentials over the wire in plain text. Even my beloved ittoolbox.com sends my authoring credentials over the wire in the clear. (*waves at Martin to fix*) Let's explore some other sites, shall we? The link for this article located at IT Toolbox is no longer available. . Websites that send login information unencrypted are at significant risk, as plaintext passwords invite attacks. Stronger authentication like 2FA and encryption is crucial. Password Security, Authentication Methods, Web Security. . LinuxSecurity.com Team
"The world's largest FOSS IRC network, FreeNode, was hijacked (for lack of a better term) by someone who somehow got a hold of the privileges of Robert Levin, AKA lilo, the head honcho of FreeNode and its parent organization, PDPC. To make matters worse, the passwords of many users may have been compromised by someone posing as NickServ, the service that most clients are configured to send a password to upon connecting, while they reconnected to the servers that hadn't been killed. . The link for this article located at Slashdot.org is no longer available. . The link for this article located at Slashdot.org is no longer available.. world's, largest, network, freenode, hijacked, better, term), someone. . LinuxSecurity.com Team
Companies running Apache and a PostgreSQL database are at risk from serious Internet intrusion. Red Hat warned of a flaw late last week in mod_auth_pgsql, an Apache module that allows authentication against information in popular open-source database PostgreSQL. . iDefense discovered several format string flaws in the way mod_auth_pgsql logs information, which could allow unauthenticated attackers to execute malicious code with the privileges of the "apache" user, according to Red Hat. Red Hat issued patches for the versions of the module used in Red Hat Enterprise Linux versions 3 and 4, saying it doesn't affect earlier versions. As of Monday Ubuntu, Mandriva and other vendors have also issued patches. Red Hat and other Linux vendors gave the flaw a "critical" rating, as did advisory database maintainer FrSIRT. Secunia, which publishes a separate vulnerabilities database, gave it a "highly critical" rating. The link for this article located at TechWorld is no longer available. . iDefense discovered several format string flaws in the way mod_auth_pgsql logs information, which co. companies, running, apache, postgresql, database, serious, internet, intrusion. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.