|
Ythan
ᕕ( ᐛ )ᕗ


Registered: 08/08/97
Posts: 18,803
Loc: NY/MA/VT Borderlands
Last seen: 20 minutes, 11 seconds
|
Probably a good idea to disable third-party cookies in your browser 4
#23508475 - 08/04/16 06:23 AM (7 years, 6 months ago) |
|
|
There's a new attack on HTTP/2, one of the current standards which is used all over the internet for secure communication between web sites and your browser. HTTP/2 is used on Gmail, Facebook, the Shroomery, and a lot of other modern web sites. You can tell if a site is using HTTP/2 by installing an addon like HTTP/2 and SPDY indicator for Chrome or Firefox.
You can read the linked article for technical details if you want. Basically, it's kind of complex and you'd have to be specifically targeted by an attacker, but it would be possible for someone to figure out the encrypted content of your connection by abusing the properties of HTTP/2 compression, which make some responses a different size than other responses. It's kind of clever, actually.
I'm sure the HTTP/2 spec will be updated to address this issue, but for now the way to protect yourself is to disable third-party cookies in your web browser. Since you're reading the Security & Safety forum, you might already have your system set up this way. Most legitimate sites will not require third-party cookies to function, and even without an exploit, third-party cookies can allow your browser to leak information about your identity to other sites besides the one you typed into the address bar.
In Chrome, you can go to Settings | Show advanced settings... | Privacy [Content Settings] | [X] Block third-party cookies and site data.
In Firefox you can go to Tools | Options | Privacy | Accept third-party cookies: [Never]
In IE you can go to Internet Options | Privacy | [Advanced] | [X] Override automatic cookie handling | Third-party Cookies [X] Block
I personally am not too worried about this attack because it's tricky to pull off and it will probably be fixed soon, but never underestimate what lazy hackers are able to automate in a short amount of time. Since disabling third-party cookies is a good idea anyway from a privacy perspective, it's probably better safe than sorry.
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: Ythan]
#23512865 - 08/05/16 01:37 PM (7 years, 6 months ago) |
|
|
Good idea, but a lot of websites require third party cookies to function like to log into accounts ect...https everywhere is a great extension to block some cookies that might not be needed while still allowing a site to function semi correctly.
|
h0ldthedoor
HODOR



Registered: 06/25/16
Posts: 510
Loc: North of The Wall
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: tdubz]
#23527768 - 08/10/16 09:53 AM (7 years, 6 months ago) |
|
|
Thanks Ythan!!
--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you. – Petyr Baelish
|
John Nada
Toujours Frais

Registered: 03/03/03
Posts: 97,746
Loc: Hotwings; race car
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: tdubz] 1
#23529002 - 08/10/16 05:55 PM (7 years, 6 months ago) |
|
|
Quote:
tdubz said: Good idea, but a lot of websites require third party cookies to function like to log into accounts ect...https everywhere is a great extension to block some cookies that might not be needed while still allowing a site to function semi correctly.
Nobody listen to this guy. I saw him make a thread celebrating the anniversary of Windows 10.
|
h0ldthedoor
HODOR



Registered: 06/25/16
Posts: 510
Loc: North of The Wall
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: John Nada]
#23529099 - 08/10/16 06:19 PM (7 years, 6 months ago) |
|
|
--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you. – Petyr Baelish
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: h0ldthedoor]
#23530195 - 08/11/16 03:47 AM (7 years, 6 months ago) |
|
|
Some sites will just break if you disable 3rd party cookies It's like using no script for everything an having to manually allow shit through for every little thing you want to see.
|
h0ldthedoor
HODOR



Registered: 06/25/16
Posts: 510
Loc: North of The Wall
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: tdubz]
#23530396 - 08/11/16 06:29 AM (7 years, 6 months ago) |
|
|
Your mood is apt.
--------------------
Always keep your foes confused. If they are never certain who you are or what you want, they cannot know what you are like to do next. Sometimes the best way to baffle them is to make moves that have no purpose, or even seem to work against you. – Petyr Baelish
|
Byrain

Registered: 01/07/10
Posts: 9,664
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: tdubz]
#23534502 - 08/12/16 11:33 AM (7 years, 6 months ago) |
|
|
Quote:
tdubz said: Some sites will just break if you disable 3rd party cookies It's like using no script for everything an having to manually allow shit through for every little thing you want to see.
Noscript is easy, I also use requestpolicy and umatrix on top of that extra redundancy.
Self destructing cookies is a good addon for making sure crappy cookies don't stick around when they are allowed. https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
Bleachbit is a good program for cleaning out already existing crap. https://www.bleachbit.org/
|
tdubz



Registered: 02/26/12
Posts: 5,586
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: Byrain]
#23534548 - 08/12/16 11:46 AM (7 years, 6 months ago) |
|
|
|
PatrickKn



Registered: 07/10/11
Posts: 20,613
|
Re: Probably a good idea to disable third-party cookies in your browser [Re: tdubz]
#23535894 - 08/12/16 07:29 PM (7 years, 6 months ago) |
|
|
Thanks for the heads up, changed my settings today.
|
|