fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Google Chrome For Linux Is Getting DNS-over-HTTPS, But There’s A Catch

Google Chrome For Linux Is Getting DNS-over-HTTPS, But There’s A Catch

Google Chrome developers have announced plans to roll out DNS-over-HTTPS (DoH) support to Chrome web browser for Linux.

DoH has been supported on Google Chrome for other platforms, including Windows, Mac, ChromeOS, and Android, since at least 2020. 

While the exact version of Chrome for Linux that would come out with DoH support is yet to be announced, the Chromium project expects either M91 or M92 to contain the feature.

Google to roll out DoH support on Chrome for Linux

Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.

Since 2020, Google Chrome has already been supporting DoH on platforms like Windows, Mac, ChromeOS, and Android under a Chrome feature called “Secure DNS.”

DoH encrypts regular DNS traffic over HTTPS with both DNS requests and responses being transmitted over port 443, making the traffic blend right in with regular traffic to HTTPS websites.

Also Read: What You Should Know About The Data Protection Obligation Singapore

This not only provides end-to-end encryption to the user but also extended privacy, as now their DNS traffic cannot easily be intercepted by a network administrator.

“Chrome has never supported DoH on Linux because that would require Chrome’s built-in DNS client, which itself is currently disabled on Linux,” reads the design document for this upcoming feature.

Chrome has always delegated host resolution on Linux to the operating system’s DNS resolver, except with non-standard policy settings.

Furthermore, the web browser’s built-in DNS client had been left disabled on Linux implementation for years because Chrome did not honor advanced Linux DNS configuration via the Linux Name Configuration Switch file (nsswitch.conf), explains Chromium developer Eric Orth in the document.

“The reason it is not yet supported is because of Linux’s variability and advanced configurability.”

“Chrome would need more advanced parsing of Linux configurations to avoid overriding or otherwise interfering with such advanced configurations,” Orth had stated last year.

So, what’s the catch?

This is where it gets interesting and goes back to the previous point.

To make Chrome’s built-in DNS resolver work smoothly with Linux, Chrome needs to read and parse Linux DNS configuration to be able to disable DoH on unsupported configurations.

Specifically, support needs to be built-in so that Chrome can honor the advanced host resolution configuration settings specified in the nsswitch.conf file.

“As Chrome’s resolver does not support changing such mechanisms or their order, Chrome’s support for respecting nsswitch.conf will be limited to detection of whether or not the configuration is a common configuration compatible with Chrome behavior,” explains the design document.

Should this not be the case, Chrome will not switch to DoH or use the built-in DNS resolver unless the user explicitly selects a DoH server in Chrome’s settings.

Moreover, although DoH brings with it added security and privacy for the user, there are some minor caveats with any DoH implementation, regardless of what platform.

Merely being end-to-end encrypted does not make DoH service providers immune to abuse by adversaries.

As previously reported by BleepingComputer, attackers have very much abused Google’s own DNS-over-HTTPS service to facilitate their malware’s command-and-control (C2) activities.

Additionally, because DoH functions over multiple networking layers (it is really DNS over HTTP over TLS), minor latency is expected affecting page load times.

Thankfully, Chrome developers have accounted for this:

“If a resulting DoH server performs poorly compared to the previous Classic DNS server, page load performance could be negatively affected.”

“But the default mode is to only upgrade to same-provider DoH servers which are expected to have similar performance,” explains Orth.

In DoH rollouts on non-Linux platforms made by Google so far, DoH was found to be only slightly slower than classic DNS and caused “insignificant” impact to overall Chrome performance.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

The Chromium project is yet to announce what version of Google Chrome for Linux will have DoH support.

But, Google developers expect the feature to come out in either upcoming version M91 or M92 of Chrome for Linux.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us