Linked by Hadrien Grasland on Mon 16th May 2011 08:13 UTC, submitted by HAL2001
"Google Chrome OS is designed around the concept of "expendable" terminals that you can lose, drop or simply throw away without fear of losing your data, which is safely stored in the cloud. [However, one] thing is certain, with all your data being available in the cloud, in one place, available 24/7 through a fast internet link, this will be a goldmine for cybercriminals. All that is necessary here is to get hold of the authentication tokens required to access the cloud account."
Getting those "security tokens"...
by koffie on Mon 16th May 2011 08:52 UTC
koffie Member since:
2010-05-06

Getting those "security tokens" will be a bit harder. Spyware should be out, though the platform has not yet been grilled - exploits might still be possible somehow, but the intent of the platform is to eliminate these risks.

You still have the same 'social engineering', phishing and man-in-the-middle attack problem, and the impact is much higher, but compared to the current spyware/trojan situation, I don't think it's that bad. That is - as long as you trust the "do no evil" corporation behind the cloud storage.

Reply Score: 1

WereCatf Member since:
2006-02-15

Chrome isn't impervious to security issues either. There was just recently a working proof-of-concept that bypassed all of Chrome's built-in security features and ASLR and DEP. As such it's still possible to infect a Chromebook, at least until it is rebooted if the malware payload is only resident in memory. As such getting the credentials is still quite easy. Google should go for two-factor authentication, not just username/password.

Reply Parent Score: 4

dvhh Member since:
2006-03-20

In my opinion, even if the browser security is compromised, Chromebooks are running a restricted number of processes, that should be (hopefully) easier to control. Note that it doesn't prevent from rewriting executing code (covered by NX flag and address space randomization).

Of course we are not in an ideal world, and security has probably been overlooked.

However, I feel more concerned about using an OS that is not self-contained for development.

Reply Parent Score: 2

Soulbender Member since:
2005-08-18

If you're talking about the exploit by that French "security company" who refuses to show any proof of their claim nor has any plans to tell Google what it is, instead selling their exploit to the highest bidder, well, that is a bunch of horsecrap.
That's not saying Chrome won't have issues but this is probably not it.

Reply Parent Score: 3

Lennie Member since:
2007-09-22

It was hardly in Chrome, it was actually in Flash. But because of the way Flash is built they had to wrap it in a 'weaker sandbox' than their normal sandbox.

Also this was on Windows, not sure what effect it would have had on Linux.

Reply Parent Score: 4

Praxis Member since:
2009-09-17

That exploit was Windows only, Chromebooks are Linux-based at heart. That particular exploit is not in play here, others could show up in the future though.

Reply Parent Score: 6

Soulbender Member since:
2005-08-18

That is - as long as you trust the "do no evil" corporation behind the cloud storage.


Anyone who trusts that is incredibly gullible.

Reply Parent Score: 5

flanque Member since:
2005-12-15

Evil is but a point of view.

Reply Parent Score: 1