According to a study recently posted to reddit here, a new security hole has been discovered that affects both windows firefox and chrome web browsers. This new method of IP control allows websites to determine actual ISP issued a Web user's IP address, even when using a VPN. This is accomplished by running a JavaScript WebRTC code in the visitor's web browser and can be performed behind the scenes without the user's knowledge. Android, Linux and Max OSX versions of these browsers do not seem affected at that time.
Although the development of this kind may appear scary, the good news is there is a simple solution. The real problem here though is not the fix, but rather the fact that many users go to their day to day activities without knowledge of this flaw. It is important that you take a few minutes to make sure your system is patched
More information about what that does is available from github page researcher :.
" Firefox and Chrome have WebRTC implemented that allow applications to stun servers that will return to local and public IP addresses for user. This request results at JavaScript, so you can now obtain a user of local and public IP addresses in javascript. This demo is a sample implementation of this.
in addition, these STUN requests are taken outside the normal XMLHttpRequest procedure, so they are not visible in the developer console or be blocked by plugins such as AdBlockPlus or Ghostery. what makes these types of queries available for online tracking if an advertiser sets up a STUN server with a generic domain. "
How to fix the security hole WebRTC
in Chrome browser, now is a free extension available that patch this problem directly. You can install the module in the Chrome store here.
In Firefox, there are some steps to patch the problem. First, type "about: config" directly in the URL and press Enter bar. Then search for "media.peerconnection.enabled" and double click this option to false.
Lockdown your network with a VPN router
Those who access the VPN using a VPN router are not affected by the vulnerability, but we suggest setting your browsers as a precaution. A VPN router runs the private tunnel directly and distributes the VPN via wifi devices can connect to the network as they normally would. This leaves no chance that a rogue will be able to bypass the VPN software script and find your ISP issued the IP address because the VPN is actually running on your router. VPN router TorGuard store sells a variety of high-speed VPN routers are able to secure a network without sacrificing privacy or performance.
0 Komentar