"Google Chrome OS is designed around the concept of "expendable" terminals that you can lose, drop or simply throw away without fear of losing your data, which is safely stored into the cloud. [However, one] thing is certain, with all your data being available into the cloud, in one place, available 24/7 through a fast internet link, this will be a goldmine for cybercriminals. All that is necessary here is to get hold of the authentication tokens required to access the cloud account."
Post a Comment
Member since:
2010-05-06
Getting those "security tokens" will be a bit harder. Spyware should be out, though the platform has not yet been grilled - exploits might still be possible somehow, but the intend of the platform is to eliminate these risks.
You still have the same 'social engineering', phishing and man-in-the-middle attack problem, and the impact is much higher, but compared to the current spyware/trojan situation, I don't think it's that bad. That is - as long as you trust the "do no evil" corporation behind the cloud storage.
Member since:2006-02-15
Chrome isn't impervious to security issues either. There just was recently a working proof-of-concept that bypassed all of Chrome's built-in security features and ASLR and DEP. As such it's still possible to infect a Chromebook, atleast until it is rebooted if the malware payload is only resident in memory. As such getting the credentials is still quite easy. Google should go for two-factor authentication, not just username/password.
Member since:2006-03-20
In my opinion, even if the browser security is compromised, chromebook are running a restricted number of processes, that should be (hopefully ) easier to control. Note that it doesn't prevent from rewriting executing code (covered by NX flag and address space randomization).
Of course we are not in a ideal world, and security probably have been overlooked.
However, I fell more concerned about Using an OS that is not self contained for development .
Member since:2005-08-18
If you're talking about the exploit by that French "security company" who refuses to show any proof of their claim nor have any plans to tell Google what it is instead selling their exploit to the highest bidder, well that is a bunch of horsecrap.
That's not saying Chrome won't have issues but this is probably not it.
Member since:2007-09-22
Member since:2009-09-17
Member since:2005-08-18
Member since:2005-12-15
Member since:2005-07-06
Member since:2007-02-06
Member since:
2011-03-17
Member since:2005-12-15
Member since:2005-07-06
Member since:2005-07-22
How long before the location of these data centres become a matter of national security? They are after all pretty obvious targets for the 'bad guys'.
I know one DC that is totally below ground. The only thing above ground is a small building which houses the lift shaft and a car pak for 5-6 vehicles. Try blowing that one up....
Member since:
2008-05-03
The Cloud -- great for document collaboration and sharing, free software like Google Docs, no worries for me about backups, and other advantages.
But also The Cloud -- who knows where your data is stored or who can see it? Security and backups may be well handled or not... it's not longer in your power to control them. And as far as using Google for the Cloud... their entire business plan is based on using other peoples' data (OPD).
The Cloud is great for many informal uses. But the companies and individuals who naively use it without probing -- deeply -- about specifics are taking big chances.
My slogan for the Cloud -- caveat emptor!
Member since:
2005-06-29
Going after Amazon, IBM, Microsoft and VmWare. And Chromebooks will play a major part. Google just has to convince people that this a good way to go. The only thing that bothers me is that I haven't seen anything like Windows Azure Appliance announced by Google.
I've been watching GoogleIO 2011 videos for a few days straight and I like what I am seeing. HTML5 is cool stuff. For once, HTML is really impressive. I realize that we're in the very early stages of a HTML5 web but the potential is real.
PS: While watching the videos, I kept thinking Minecraft rendered in HTML5.