Subj : Google has a new way to try and stop cookie theft leading to poss To : All From : TechnologyDaily Date : Wed Apr 03 2024 15:45:05 Google has a new way to try and stop cookie theft leading to possible cyberattacks Date: Wed, 03 Apr 2024 14:35:07 +0000 Description: New Google security initiative aims to bind the cookies to the device, rather than the browser. FULL STORY ====================================================================== Google wants to put an end to browser cookie theft by making todays cookies practically worthless. In an announcement on its Chromium blog, Google revealed it is working on a new model that binds user sessions to the actual devices, rather than the browser . That should give antivirus solutions and other endpoint protection tools a better fighting chance against hackers. Lately, cookies have become a popular target for threat actors, as they grant access to various accounts, even with multi-factor authentication (MFA) enabled. They can be extracted with infostealing malware and, even if a subsequent antivirus scan removes it, will remain active and useful to the attackers. Substantial reduction To tackle the problem, Googles engineering team is working on something they call Device Bound Session Credentials (DBSC), a new web capability that will help keep users more secure against cookie theft. The project is being developed in the open at github.com/WICG/dbsc , Google said, adding that the goal is for the project to become an open web standard. BDSC will bind authentication sessions to the actual device, rendering cookies practically worthless. We think this will substantially reduce the success rate of cookie theft malware, Google said. Furthermore, for account theft to work in the new environment, the attackers would need to act locally, on the device, which will be somewhat more difficult due to antivirus and other protection tools. Finally, Google added that many server providers, identity providers, and browsers, said they were interested in the project, as well. We are engaging with all interested parties to make sure we can present a standard that works for different kinds of websites in a privacy preserving way. Eliminating cookie theft would definitely improve the security standing of many organizations, but were fairly certain threat actors would again find a way to compromise user accounts. More from TechRadar Pro Google tries to downplay cookie security risk as nothing new Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/google-has-a-new-way-to-try-and-stop-co okie-theft-leading-to-possible-cyberattacks --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .