Internet Browsers Blocking Some Ports Due To Security Vulnerabilities

If you rely on TCP port 554, you’ll probably want to do a bit of reconfiguration.

Last year, security researchers discovered a new version of the NAT Slipstream vulnerability that allowed hackers to deploy malicious scripts in order to bypass a website visitor’s NAT firewall and access any TCP/UDP port on the visitor’s internal network.

If this issue sounds vaguely familiar, it’s because this isn’t the first time it has come up. When the issue was first reported, Google released Chrome 87, which began blocking HTTP and HTTPS access to TCP ports 5060 and 5061. Then in January of this year (2021) Google expanded their efforts, blocking HTTP, HTTPS, and FTP access to ports 69, 137, 161, 1719, 1720, 1723, and 6566.

Google has, in the past, also blocked port 554, but when they did so initially, they received push back from Enterprise users who asked that the port be unblocked. Google did so, but have now reversed course, and port 554 is once again on the blocked list.

It should also be noted that Google isn’t alone. In addition to Chrome 89, Firefox 84+ and Apple’s Safari browser are already blocking Port 554. So if you host a website on any of the ports mentioned above, you should reconfigure to allow visitors to continue to have unfettered access. Obviously, if you don’t currently utilize that port there’s nothing to do here. If you’re not sure, you will be soon enough, because you’re apt to get complaints from users who can no longer access your site or whatever web-based application you’re running that relies on it.

Despite some back and forth on the matter, this appears to be the path forward. So kudos to Mozilla, Google and Apple for getting on the same page and putting a halt to the threat, even if it took a bit longer than usual for the major forces in the browser ecosystem to all wind up on the same page.

Alternative Search Engine Sees Huge Growth Amid Privacy Concerns

Google is unquestionably the dominant search engine on the web, but how secure is their position?

If recent trends are any indication, they’re in no immediate danger.

However, it’s clear that pressures are mounting on the search giant, and some of the company’s competitors are enjoying rampant growth.

The privacy-oriented search engine DuckDuckGo is leading the charge here, enjoying a massive 62 percent surge in growth over the past 12 months. The total number of searches on its engine passed 100 million in January, 2021.

To be fair, when you’re tiny compared to the competition, it’s easy to boast impressive numbers like that. If the trend holds in the medium to longer term, the tiny search engine with the funny sounding name could become a significant player on the web.

DuckDuckGo uses its own bot to crawl the web, and maintains a strategic partnership with Microsoft’s Bing. Of particular interest, it does not use any data from Google, which has in recent months come under fire from various privacy advocacy groups around the world.

As impressive as DuckDuckGo’s recent growth has been, these numbers can be put in perspective. It’s important to remember that as of now, Google commands a staggering 94 percent of the search market share in the US, with DuckDuckGo coming in a distant second at 2.25 percent, and Yahoo in third place with 1.94 percent.

All that to say, the company deserves recognition for its impressive growth. At the same time though, given the market share numbers, it would be wildly premature to pronounce Google dead as the King of Search, or even at serious risk of being dethroned.

Nonetheless, if you’re concerned about privacy, DuckDuckGo is an attractive alternative to consider. Unlike all the other major search engines, each time you conduct a search using DuckDuckGo, you are essentially a blank slate. The company doesn’t track your search history in any way. If that’s important to you, give them a try.

Microsoft Edge Browser Is Included With Latest Windows 10 Updates

Do you use Microsoft Edge? Unfortunately, Microsoft doesn’t care whether you do or not, they’re force-installing the browser on Windows 10 systems as part of their updates.

Ostensibly, this is because the company is retiring their older versions of Edge and replacing them with the new Chromium-based edge.

In order to make sure that all of the old versions are expunged, the company has declared the latest OS update to be mandatory, and it includes the latest rendition of the Edge browser.

Although the company’s explanation makes perfect sense, it is nonetheless raising the hackles of a significant portion of the Windows user base, who doesn’t use, or even like the Edge browser. In any case, like it or not, use it or not, you’re getting it.

To be clear, Microsoft is actually pushing out a pair of updates designed to do the deed. The first and most impactful of these is KB457654, which is designed to replace the legacy version of Edge on Windows 10 versions 1809, 1903, 1909, and 2004.

The second update is KB4576753 and is designed to specifically target Windows 10 build 1803.

While it is possible to prevent the updates from being installed, honestly, it’s more trouble than it’s worth. There’s no fighting city hall, and the company has made the decision. You’re better off just letting the update happen and then, if you decide you don’t want the new Edge browser, just go in behind the update and uninstall it. It’s not a perfect solution, but to do anything else will cause you to miss out on important security patches. Eventually, the company will find a way to retire the legacy browser and install the new Edge anyway.

It’s frustrating for some users, but that’s the lay of the land. Just be aware, and if you don’t use Edge, remove it when the update makes the switch.

Windows 10 Halting Support For Internet Explorer And Legacy Edge

Recently, Microsoft made an announcement that may have a profound impact on your business if you’re still using Internet Explorer or the legacy version of Microsoft Edge.

The Redmond giant published the dates when Microsoft 365 and Windows 10 will no longer support those browsers.

Here are the dates you need to know: As of November 30, 2020, Microsoft 365 will begin the process of ending support for Internet Explorer 11, when Microsoft Teams its support, with the rest of the Microsoft 365 apps ending support for IE 11 on August 17, 2021. Where Edge Legacy is concerned, the date support ends has been listed as March 9, 2021.

According to a recent Microsoft blog post:

This means that after the above dates, customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11…For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE 11.”

If you’re thinking that you can simply continue using Microsoft 365 by using Edge in Internet Explorer Mode, the company has already addressed that and stressed that such a strategy will not extend IE access to Microsoft 365 products beyond the dates listed above.”

The blog post continues:

Microsoft will continue to support Internet Explorer 11. Internet Explorer is a component of the Windows operating system and follows the Lifecycle Policy for the product on which it is installed….for customers who have business-critical, line-of-business apps running on IE 11 today, IE 11 continues to be a supported browser.”

If you rely on Microsoft 365, and you’re still using Microsoft’s older browser technology, now is the time to get serious about migrating away from them. If you want to stay in the same ecosystem, you can begin migrating to the company’s Chromium-based Edge browser, and in fact, the company has detailed support articles that should help make the transition a smooth one.

Enhanced Tracking Protection Rolling Out To Firefox Users

Cookies have been part of the internet experience since the early days of the web’s history. Advertisers commonly use them to track users. Many users don’t appreciate being tracked, and have made this known to the companies that make the most popular browsers in use today.

These companies have responded to the wishes of their users in various ways.

Rcently, Mozilla quietly added a new feature to the Enhanced Tracking Protection (ETP) portion of their Firefox browser; an internal collection of tools and other components that the browser uses to block the more invasive tracking techniques used on the web.

When Brave, Chrome, Firefox and other browsers first began offering privacy protections, online advertisers developed a new technique called ‘redirect tracking’ in response to the new tools and specifically in an effort to circumvent them. Essentially, the technique involves dropping cookies from its ad slot and as the user navigated across the web and away from the advertisement, the advertiser could see what sites the user visited.

Essentially, tracking has become a kind of arms race, and Mozilla just upped the ante. Beginning with Firefox 79, the browser will clear all first-party cookies every 24 hours for all known advertisers as a way to prevent just this sort of tracking. Users will essentially have a new identity every single day. In some cases, however, cookie clearing will be limited to once every 45 days.

A spokesperson for Mozilla had this to say about the difference between the two cases:

“Sometimes trackers do more than just track; trackers may also offer services you engage with, such as a search engine or social network. If Firefox cleared cookies for these services, we’d end up logging you out of your email or social network every day. “

On balance, this seems like a sensible, well-reasoned approach. Kudos to the folks at Mozilla for taking user privacy seriously.