Jump to content

Pwn2own hackers finally break into Google Chrome


Recommended Posts

http://www.theinquirer.net/inquirer/news/2069518/pwn2own-hackers-finally-break-google-chrome-sandbox

Η παραπάνω εξέλιξη έρχεται να δείξει πως το security είναι μια συνεχής μάχη και όχι μια κατάκτηση που κάποιος μπορεί να ισχυριστεί ότι τι έχει πετύχει απλά και μόνο με το όνομα του.

ΕΠίσης αποδυναμώνει ακόμη περισσότερο το επιχείρημα ότι ένα pc Που δεν έχει δεδομένα πάνω του δεν χρειάζεται antivirus ή antimalware protections.

Δείτε μια ενδιαφέρουσα προσέγγιση σε αυτό παρακάτω:

An interesting view on Cloud Security by Kaspersky. If Google became successful with the Chromebook, since the machines hold no user data, attackers would focus on breaking into the machines to steal credentials. Not that it is anything new, but a move to systematically attacking machines just for account information would actually make the online world an even more dangerous place, since such data can be more systematically captured (being stored in a centralized and consistent form in the devices) than the documents actually stored in current machines.

 

 

SECURITY CONSULTANCY Kaspersky Lab shot down claims Google has made about the security of its Chromebook, such as it "doesn't need virus protection".

Kaspersky expert Costin Raiu said the statement came at a pretty bad time, with French security firm Vupen announcing this week that it broke into Google Chrome's security protection.

You would imagine criminals would quickly get busy on the Chromebook, trying to find ways of infecting it using a similar type of exploit, which would simply need a user to browse a booby-trapped web page.

However, Raiu said that the Chrome OS is designed in such a way that it has a good self healing capacity, is easy to update, and is resilient against any outside modification. Reinstallation also won't be a problem, as none of the data is held on the computer.

He said, "It's a new operating system, it has new security defenses into place (self healing, updates) and it's used in a different way - the data is not on the computer but in the cloud."

But of course, hackers could go for the information Google has in the cloud. As Sony found to its cost, any leak would could be disastrous.

"With Cloud centric OS'es, the race will be towards stealing access credentials, after which, it's 'game over'," Raiu said.

"Who needs to steal banking accounts, when you have Google Checkout? Or, who needs to monitor passwords, when they're all nicely stored into the Google Dashboard?"



Read more: http://www.theinquirer.net/inquirer/news/2070543/kaspersky-google-chromebook-security-worse#ixzz1M9zQ4j56

 

 

Link to comment
Share on other sites

 Share

×
×
  • Create New...