Linked by Hadrien Grasland on Mon 16th May 2011 08:13 UTC, submitted by HAL2001
Google "Google Chrome OS is designed around the concept of "expendable" terminals that you can lose, drop or simply throw away without fear of losing your data, which is safely stored into the cloud. [However, one] thing is certain, with all your data being available into the cloud, in one place, available 24/7 through a fast internet link, this will be a goldmine for cybercriminals. All that is necessary here is to get hold of the authentication tokens required to access the cloud account."
Order by: Score:
Getting those "security tokens"...
by koffie on Mon 16th May 2011 08:52 UTC
koffie
Member since:
2010-05-06

Getting those "security tokens" will be a bit harder. Spyware should be out, though the platform has not yet been grilled - exploits might still be possible somehow, but the intend of the platform is to eliminate these risks.

You still have the same 'social engineering', phishing and man-in-the-middle attack problem, and the impact is much higher, but compared to the current spyware/trojan situation, I don't think it's that bad. That is - as long as you trust the "do no evil" corporation behind the cloud storage.

Reply Score: 1

WereCatf Member since:
2006-02-15

Chrome isn't impervious to security issues either. There just was recently a working proof-of-concept that bypassed all of Chrome's built-in security features and ASLR and DEP. As such it's still possible to infect a Chromebook, atleast until it is rebooted if the malware payload is only resident in memory. As such getting the credentials is still quite easy. Google should go for two-factor authentication, not just username/password.

Reply Score: 4

dvhh Member since:
2006-03-20

In my opinion, even if the browser security is compromised, chromebook are running a restricted number of processes, that should be (hopefully ) easier to control. Note that it doesn't prevent from rewriting executing code (covered by NX flag and address space randomization).

Of course we are not in a ideal world, and security probably have been overlooked.

However, I fell more concerned about Using an OS that is not self contained for development .

Reply Score: 2

Soulbender Member since:
2005-08-18

If you're talking about the exploit by that French "security company" who refuses to show any proof of their claim nor have any plans to tell Google what it is instead selling their exploit to the highest bidder, well that is a bunch of horsecrap.
That's not saying Chrome won't have issues but this is probably not it.

Reply Score: 3

Lennie Member since:
2007-09-22

It was hardly in Chrome, it was actually in Flash. But because of the way Flash is build they had to warp it in a 'weaker sandbox' than their normal sandbox.

Also this was on Windows, not sure what effect it would have had on Linux.

Reply Score: 4

Praxis Member since:
2009-09-17

That exploit was windows only, Chromebooks are linux based at heart. That particular exploit is not in play here, others could show up in the future though.

Reply Score: 6

Soulbender Member since:
2005-08-18

That is - as long as you trust the "do no evil" corporation behind the cloud storage.


Anyone who trusts that is incredibly gullible.

Reply Score: 5

flanque Member since:
2005-12-15

Evil is but a point of view.

Reply Score: 1

orestes Member since:
2005-07-06

This is true. One man's evil is another's protection of self interest. Which is fine and dandy, as long as Google's interests coincide with it's userbase's

Reply Score: 2

Vietman Member since:
2007-02-06

Google doesn't have its users' best interests at heart I assure you.

Reply Score: 1

Cloud servers
by danbuter on Mon 16th May 2011 10:12 UTC
danbuter
Member since:
2011-03-17

I'd be far more worried about where my data is. Are the servers in China in a floodplain? What about if there's an internet outage of some type and I can't access any of my files?

Reply Score: 2

RE: Cloud servers
by flanque on Mon 16th May 2011 12:15 UTC in reply to "Cloud servers"
flanque Member since:
2005-12-15

Stick with Windows - it was designed to be offline. ;-)

Reply Score: 5

RE: Cloud servers
by Vanders on Mon 16th May 2011 13:51 UTC in reply to "Cloud servers"
Vanders Member since:
2005-07-06

I'd be far more worried about where my data is. Are the servers in China in a floodplain?


Any reputable cloud provider will tell you exactly where their data centres are located and allow you to choose which one(s) you wish to store your data in.

Reply Score: 2

re: any reputable provider
by shotsman on Mon 16th May 2011 15:14 UTC in reply to "RE: Cloud servers"
shotsman Member since:
2005-07-22

How long before the location of these data centres become a matter of national security? They are after all pretty obvious targets for the 'bad guys'.

I know one DC that is totally below ground. The only thing above ground is a small building which houses the lift shaft and a car pak for 5-6 vehicles. Try blowing that one up....

Reply Score: 3

benali72
Member since:
2008-05-03

The Cloud -- great for document collaboration and sharing, free software like Google Docs, no worries for me about backups, and other advantages.

But also The Cloud -- who knows where your data is stored or who can see it? Security and backups may be well handled or not... it's not longer in your power to control them. And as far as using Google for the Cloud... their entire business plan is based on using other peoples' data (OPD).

The Cloud is great for many informal uses. But the companies and individuals who naively use it without probing -- deeply -- about specifics are taking big chances.

My slogan for the Cloud -- caveat emptor!

Reply Score: 2

Google is ambitious
by ronaldst on Mon 16th May 2011 21:59 UTC
ronaldst
Member since:
2005-06-29

Going after Amazon, IBM, Microsoft and VmWare. And Chromebooks will play a major part. Google just has to convince people that this a good way to go. The only thing that bothers me is that I haven't seen anything like Windows Azure Appliance announced by Google.

I've been watching GoogleIO 2011 videos for a few days straight and I like what I am seeing. HTML5 is cool stuff. For once, HTML is really impressive. I realize that we're in the very early stages of a HTML5 web but the potential is real.

PS: While watching the videos, I kept thinking Minecraft rendered in HTML5.

Reply Score: 2