Free Republic

Major browser providers scramble to patch an 18-year-old vulnerability affecting MacOS and Linux systems but Windows remains gloriously immune
PCGamer ^ | 09 August 2024 | Andy Edser

Posted on 08/09/2024 11:47:02 AM PDT by ShadowAce

We Windows users are sometimes the butt of the joke when it comes to cybersecurity issues. Or at least, we often used to be. Still, if I receive one more lecture on why Linux or Mac systems are more secure, I'll at least have this article to point to. Not always, I shall say. Not always.

Oligo Security's research team has discovered a "0.0.0.0 Day" vulnerability that affects Google Chrome/Chromium, Mozilla Firefox and Apple Safari, enabling public websites to send requests to services listening on the visitor's own machine on macOS and Linux (via The Hacker News).

The vulnerability means that a public website (one on an ordinary .com domain, say) can reach services listening on the visitor's local machine by addressing them as 0.0.0.0 instead of localhost or 127.0.0.1. Browsers already treat localhost and 127.0.0.1 as private destinations, but 0.0.0.0 was not on the list, and on Linux and macOS the kernel delivers a connection to 0.0.0.0 to whatever is listening on the local host, so the request lands on the same loopback-bound service that 127.0.0.1 would have reached.

The good news, if you're a Windows user at least, is that Windows refuses outgoing connections to 0.0.0.0 at the socket level, so a browser on Windows never reaches a local service through that address. Hooray for the sometimes-rarer-than-we'd-like Microsoft security win. The bad news for the rest of you is that this loophole is said to have been exploitable since 2006, which means it has been an active cybersecurity vulnerability for an astonishing 18 years.

Oligo also reports that the share of websites communicating with 0.0.0.0 is on the rise: Chromium's usage counters show about 0.015% of websites making such requests. That might not sound like a lot, but with an estimated 200 million active websites as of August 2024 it works out to roughly 30,000 sites talking to that address, although how many of them are doing so for nefarious purposes is currently unknown.

Oligo disclosed its findings to the security teams of each affected browser in April 2024; each of them, the company says, acknowledged the report, and changes are underway to plug the vulnerability.

However, it's up to each browser developer to ship its own fix, and those fixes are arriving at different times. Chromium already blocks access to 0.0.0.0 starting with version 128, and Google plans to roll the change out gradually, completing it in Chrome 133.

Safari and the other Apple browsers are built on WebKit, which has blocked 0.0.0.0 since the report. As for Mozilla Firefox, there is currently no immediate fix, but Mozilla has changed the Fetch specification to block requests to 0.0.0.0. According to Oligo, "at an undetermined point in the future, 0.0.0.0 will be blocked by Firefox."

Call me slightly smug, but given some high-profile Windows cybersecurity-related failures of late I'll take any win I can get. If you're a Windows PC user, it's finally time to take a victory lap. This one's not on us, folks, and we can rest easy in our beds tonight.


TOPICS: Computers/Internet
KEYWORDS: 0000; browser; windows; windowspinglist
To: Red6

“80% of all viruses target Windows because that’s what most people use and they have most of the market share for desktops.”

Except that is only half the story. The truth is, except for just a couple of exploits in the history of Linux, all the exploits had to be physically and manually entered into a local system that had been rooted with proper admin credentials. That requirement of having hands physically on your box and credentials to root it to make the exploit work is huge. Don’t let anyone you don’t trust near your box and you are golden with Linux. It cannot be exploited by hidden or remote efforts because it can’t be rooted.


21 posted on 08/09/2024 12:35:53 PM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Openurmind

No doubt, Linux is a more secure environment, and also far more stable.

That’s what I run at home for that reason.

I also like a system that does what I tell it to do, not one that tells me what I’m allowed to do.


22 posted on 08/09/2024 12:51:38 PM PDT by Red6
[ Post Reply | Private Reply | To 21 | View Replies]

To: Red6

“I also like a system that does what I tell it to do, not one that tells me what I’m allowed to do.”

HUGE...


23 posted on 08/09/2024 12:55:02 PM PDT by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)
[ Post Reply | Private Reply | To 22 | View Replies]

To: ShadowAce

Exactly like how toe fungus is immune to rabies.


24 posted on 08/09/2024 1:19:31 PM PDT by Brass Lamp
[ Post Reply | Private Reply | To 1 | View Replies]

To: Openurmind
Isn’t this the fault of the Browser allowing it not the OS? Isn’t it the responsibility of a browser to keep the OS it was versioned for insulated?

Safari is an Apple product, mostly for Mac OS and iOS iPad OS, so that's on Apple. Serious Linux folks can block 0.0.0.0 at the system level and they don't need a browser update to do it. The only question is whether it should be blocked by default.
25 posted on 08/09/2024 1:38:10 PM PDT by Dr. Sivana ("Whatsoever he shall say to you, do ye." (John 2:5))
[ Post Reply | Private Reply | To 7 | View Replies]

To: antidemoncrat
From DOS to Windows 11, Microsoft’s software is a hacker’s paradise.

Well, there's Microsoft OS/2 (they co-branded with IBM) and XENIX (MS-Unix).
26 posted on 08/09/2024 1:39:55 PM PDT by Dr. Sivana ("Whatsoever he shall say to you, do ye." (John 2:5))
[ Post Reply | Private Reply | To 15 | View Replies]

To: ShadowAce
Right, Windows is so secure, stable and fantastic that it needs something like CrowdStrike to constantly update and patch it…and we all know what just happened there worldwide.

Linux and MacOS (which is Linux based) will never top that CF with any of their problems.

I only use Windows for Windows apps that I still need, on a VMware guest system on Linux, and snapshot the image regularly to easily recover if it goes sideways. I share part of the Linux file system to the Windows guest through VMware for my data. Only the Windows system files are Windows-based. No way will Windows or its file systems ever be a primary resource.

27 posted on 08/09/2024 2:13:25 PM PDT by mikey_hates_everything
[ Post Reply | Private Reply | To 1 | View Replies]

To: Red6

“>80% of all viruses target Windows because ...”

Are you saying that their “security” is blocking viruses coming into your machine? That’s all?


28 posted on 08/09/2024 2:17:08 PM PDT by cymbeline (we saw men break out of a concentration camp.”)
[ Post Reply | Private Reply | To 14 | View Replies]

To: mikey_hates_everything
Linux and MacOS (which is Linux based)

MacOS is Unix-based (FreeBSD)
29 posted on 08/09/2024 3:46:45 PM PDT by Dr. Sivana ("Whatsoever he shall say to you, do ye." (John 2:5))
[ Post Reply | Private Reply | To 27 | View Replies]

To: Dr. Sivana

Yeah, I knew it was one form or another and NOT anything like Windows. I use FreeBSD in network equipment. Took a gamble instead of precisely looking it up.


30 posted on 08/09/2024 7:33:14 PM PDT by mikey_hates_everything
[ Post Reply | Private Reply | To 29 | View Replies]

To: Red6

That means I’m safe. 😇
Have you played Atari today? 😏


31 posted on 08/10/2024 12:58:50 PM PDT by BiteYourSelf ( Earth first, we'll strip mine the other planets later.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: BiteYourSelf

I used to have an 800XL.

I might buy one of those retro game consoles.

Atari... Sadly, the ST and Mega systems that followed never were recognized for the powerful machines they were.

Atari had become synonymous with a game console when in reality they were building excellent systems for the time: the advanced 68000 chip (used by Apple in the Mac for years to come) and some of the best graphics and sound of the time.

https://en.wikipedia.org/wiki/Atari_MEGA_STE


32 posted on 08/10/2024 2:17:50 PM PDT by Red6
[ Post Reply | Private Reply | To 31 | View Replies]

To: Red6

My first computer was an Atari 400 that I bought at, I believe, Toys R Us; I paid $99 for it and then got a $50 rebate.


33 posted on 08/10/2024 6:17:14 PM PDT by BiteYourSelf ( Earth first, we'll strip mine the other planets later.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: BiteYourSelf

I used to attend the software swap meets.

I had a Happy Drive mod: https://en.wikipedia.org/wiki/Happy_drives

Back then the rules for copying software weren’t like they are today.

Today all the legal loose ends are tied up (the guys with the money get to write the rules - not really how it should be) and you have 100 different techniques to prevent copying of software.

I had a lot of fun.


34 posted on 08/12/2024 10:28:32 AM PDT by Red6
[ Post Reply | Private Reply | To 33 | View Replies]

To: ShadowAce; Swordmaker

Say, whatever happened to Swordmaker?


35 posted on 08/12/2024 10:30:54 AM PDT by Sirius Lee (Trump/Vance 2024 or GFY)
[ Post Reply | Private Reply | To 1 | View Replies]
