Skip to comments.
WebRTC Leak Vulnerability – SOLVED (For all Browsers)
Restore Privacy ^
| September 17, 2018
| Sven Taylor
Posted on 04/01/2019 4:31:27 AM PDT by Texas Fossil
click here to read article
Navigation: use the links below to view more comments.
first 1-20, 21-36 next last
Recently I upgraded my Debian Linux OS on this 32 bit machine. I hate reinstalls because of the house cleaning involved in saving the data, so I put it off as long as possible.
Simply upgrading from Debian 8 to Debian 9 is not a simple process, so I did the next best thing and upgraded all of what was available for Debian 8.
But when I upgraded the Firefox browser I found a lot of instability that I did not have before. I had no active plugins (I thought).
In my search for a solution to that I stumbled onto a security issue related to WebRTC. What is that? Looks like a programmers nightmare to me now. It is said to be an improvement allowing java script from one computer to another. But it appears it makes even VPN connections vulnerable to being viewed by a simple java attack.
So I followed the instructions on this page and it seems to have fixed my recent crash issue. I edited the about:config in Firefox and disabled WebRTC. It is a little early to be sure, but I've been planning to add VPN to my connection when I get moved to the farm in the near future. If VPN is not secure because of WebRTC, we should at least know about it.
Any opinions of the merit of this type of software?
To: Texas Fossil
2
posted on
04/01/2019 4:43:09 AM PDT
by
lysie
To: lysie
3
posted on
04/01/2019 4:54:03 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: Lazamataz
Do you have an opinion about WebRTC security issues?
4
posted on
04/01/2019 4:58:19 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: Texas Fossil
This has wider implications. Teleconferencing software like
Cisco Webex (which companies like mine use all the time) use WebRTC internally.
5
posted on
04/01/2019 5:03:15 AM PDT
by
PapaBear3625
("Those who can make you believe absurdities, can make you commit atrocities." -- Voltaire)
To: PapaBear3625
How do you handle the STUN queries?
6
posted on
04/01/2019 5:04:27 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: Texas Fossil
Google
Duo (video chat for Android). also uses WebRTC
7
posted on
04/01/2019 5:23:44 AM PDT
by
PapaBear3625
("Those who can make you believe absurdities, can make you commit atrocities." -- Voltaire)
To: Texas Fossil
Use the M.O.O.S.E interface
8
posted on
04/01/2019 5:24:51 AM PDT
by
PapaBear3625
("Those who can make you believe absurdities, can make you commit atrocities." -- Voltaire)
To: Texas Fossil
https://www.palemoon.org/technical.shtml
(...)
“WebRTC. Apart from opening up a whole can of worms security/privacy-wise, “Web Real Time Chat” (comparable with Skype video calls and the likes) is not considered useful or desired functionality for Pale Moon (both according to the developers and the users of the browser at large). This is best left to dedicated programs or at most a browser plug-in.”
(...)
9
posted on
04/01/2019 5:40:58 AM PDT
by
Moltke
(Reasoning with a liberal is like watering a rock in the hope to grow a building.)
To: Texas Fossil
Sending data on the internet is STILL like shouting it from the street corner... so be careful.
10
posted on
04/01/2019 5:55:57 AM PDT
by
Mr. K
(No consequence of repealing Obamacare is worse than Obamacare itself.)
To: Texas Fossil; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; AppyPappy; arnoldc1; ...
11
posted on
04/01/2019 6:06:07 AM PDT
by
dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
To: ShadowAce; Swordmaker; ThunderSleeps
*PING* to your respective lists.
12
posted on
04/01/2019 6:06:57 AM PDT
by
dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
To: dayglored
I stopped using Windows long ago.
Still have 2 Windows machines in my house.
I keep one of them for referencing things my wife checked on it.
Security in general is better using Linux, but some changes are going on with Firefox and security in general that affect both Windows and Linux systems. Get error message of “wrong user name or password”. When I go to Internet Explorer under the Windows machine it logs in fine.
I have found my old email provider will no longer work under Firefox under Windows or Linux.
The login handshake has changed. Have not fixed that yet.
13
posted on
04/01/2019 6:13:17 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: PapaBear3625
14
posted on
04/01/2019 6:13:46 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; Ernest_at_the_Beach; martin_fierro; ...
15
posted on
04/01/2019 6:15:33 AM PDT
by
ShadowAce
(Linux - The Ultimate Windows Service Pack)
To: Moltke
I will have to make some changes on my Debian 8 machine to install Palemoon. I looked at it. It suggested an actual upgrade to Debian 9, which has some issues that will have to be manually worked around. Right now don’t have the time for along project.
Thanks I will not forget “Palemoon”. I’m taking my security more serious lately and plan to add VPN soon.
16
posted on
04/01/2019 6:16:23 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: Mr. K
Yes, sir. I’m aware and totally sure you are correct.
17
posted on
04/01/2019 6:17:20 AM PDT
by
Texas Fossil
((Texas is not where you were born, but a Free State of Heart, Mind & Attitude!))
To: 109ACS; AbolishCSEU; aimhigh; bajabaja; Bikkuri; Bobalu; Bookwoman; Bullish; Carpe Cerevisi; ...
Keep those browsers up to date! - ANDROID PING!
Android Ping!
If you want on or off the Android Ping List, Freepmail me.
To: Texas Fossil
Windows security has improved a lot over the last decade, but it started so far behind, and had so many bad guys attacking it, it took time to catch up to Linux and MacOS. These days, IMO, they're all roughly equal, and as a result security is mainly about your browsing and email-reading habits, whether you're on Windows, Linux, or MacOS. Mistakes like clicking on bad links, or entering credentials into spoofed websites, can happen on any platform.
The vulnerability you posted in this thread is a good example of how platform-independent applications carry potential problems everywhere.
With regard to Windows, I have multiple Win7 instances, of which all but one are VMs; the exception is a dual-boot (BootCamp) on my Mac. They're for running Windows-only applications -- I don't use them for internet access other than updates. My internet work is done primarily on MacOS and Linux (CentOS and Ubuntu), but that's mostly because a lot of my real work is done at an SSH xterm, which are properly integrated into those platforms; none of the third-party bolt-on xterm/SSH solutions for Windows are nearly as handy for my work.
19
posted on
04/01/2019 7:05:16 AM PDT
by
dayglored
("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
To: Texas Fossil; ShadowAce
Thanks I will not forget Palemoon. Im taking my security more serious lately and plan to add VPN soon. I've been using Palemoon for a few years now. Never looked back when Mozilla went to the dark side. But while we're on the subject of VPN, can anyone suggest a good one because with the heightened sense of security going around now I'll be looking for now one.
20
posted on
04/01/2019 7:05:29 AM PDT
by
ducttape45
("Righteousness exalteth a nation; but sin is a reproach to any people." Proverbs 14:34)
Navigation: use the links below to view more comments.
first 1-20, 21-36 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson