Go Back   DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts > Computer/MAC Help/Info. & New Technology > General Computer/Android Help, News & Info + New Technology

General Computer/Android Help, News & Info + New Technology Find All The Latest Reports/Reviews in Here. Start a New Thread in Here if You Need Help

IMPORTANT ANNOUNCEMENT
Hallo to All Members. As you can see we regularly Upgrade our Servers, (Sorry for any Downtime during this). We also have added more Forums to help you with many things and for you to enjoy. We now need you to help us to keep this site up and running. This site works at a loss every month and we appeal to you to donate what you can. If you would like to help us, then please just send a message to any Member of Staff for info on how to do this,,,, & Thank You for Being Members of this site.
Post New ThreadClosed Thread
 
LinkBack Thread Tools Display Modes
Old 06-07-11, 19:43   #1
 
Ladybbird's Avatar
 
Join Date: Feb 2011
Posts: 34,244
Thanks: 23,061
Thanked 12,656 Times in 8,506 Posts
Ladybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond repute

Awards Showcase
Best Admin Best Admin Gold Medal Gold Medal 
Total Awards: 6

Chrome OS has Security Problems

June 30, 2011 10:10 AM PDT
Chrome OS has Security Flaws, claims researcher

by CNET





Google's Chrome OS
(Credit: Google)



Google may see its Chrome operating system as more secure than traditional alternatives, but one security researcher believes the cloud-based OS is vulnerable, according to a Reuters story published yesterday.

WhiteHat Security researcher Matt Johansen said he found a flaw in a Chrome OS application that he was able to exploit to gain control of a Google e-mail account. Though Google fixed the flaw after it was reported, Johansen claims to have discovered other applications with the same flaw, Reuters said.

In citing the security holes in Chrome OS, Johansen specifically pointed to the ability of hackers who can steal data as it moves between the cloud and the Chrome OS browser instead of hacking directly into a user's PC.

"I can get at your online banking or your Facebook profile or your e-mail as it is being loaded in the browser," he told Reuters. "If I can exploit some kind of Web application to access that data, then I couldn't care less what is on the hard drive."

The vulnerable applications cited by Johansen are extensions downloaded from the Google Chrome Web Store. Though most other browsers also use extensions, Johansen believes there's a design flaw in Google Chrome OS that gives extensions "sweeping rights to access data stored on the cloud."

In response to Johansen's claims, a Google spokeswoman confirmed with CNET that the initial extension reported by the researcher was patched months ago but questioned the overall labeling of Chrome OS as vulnerable due to its use of extensions.

"It is a mischaracterization to say that this is something inherently baked into the Chrome operating system because all modern browsers run extensions," she said. "If anything, this is more about Chrome the browser and what do we do to protect extensions running on Chrome."

The spokeswoman also said she contacted the writer of the Reuters piece to ask for the proof from WhiteHat that this is a fundamental design flaw in the OS.

"There's a lot of work that we've been doing around security to protect extensions running on Chrome," Google said. "Extensions running in Chrome have actually been designed to limit access privileges and to run in isolation by default. Incognito mode on Chrome OS and Chrome do not allow extensions unless they are explicitly whitelisted by the user, and enterprises can also enforce extension whitelisting for their domain."

Caesar Sengupta, director of Chrome OS, told Reuters that Google is also looking into ways to tag "questionable" extensions without making it difficult for developers to distribute their extensions to the Chrome Web Store. The representative confirmed that Google has security people working on this aspect as well.

"All modern browsers run extensions, and all major computer lines support browsers," added the spokeswoman. "These kinds of web attacks are also valid on other browsers and devices, as even extension reviews are not foolproof."

A spokesman for WhiteHat Security seemed to want to soften the tone reflected in the Reuters piece by telling CNET that WhiteHat has a good relationship with Google's security people and works closely with them on vulnerabilities.

"The Black Hat talk (which spurred the Reuters piece) is really about how moving the OS to the cloud presents different security challenges," said the WhiteHat spokesman, "i.e. we're not trying to 'call out' Google for anything."

Johansen had told Reuters that he and fellow researcher Kyle Osborn will reveal more information about the reported vulnerabilities in Chrome OS at the Black Hat hacking conference in Las Vegas this August.

Johansen also tried to clarify and explain his findings in response to questions from CNET.

"I wouldn't say Chrome OS is 'not secure,' but it certainly isn't the end-all of security issues," Johansen told CNET. "All of the steps to remove access to the hard drive and all of the sandboxing that Google does are great security improvements. The part where security issues arise, other than browser exploits, which will likely come out in the future and Chrome patches frequently, is the fact that these extensions, which are mostly developed by third parties that have a permission set that sometimes is pretty wide open."

Johansen said that he also saw this issue in the Android app store with apps that had permission to access a user's contact list and GPS location.

All browsers and Web-based apps face similar issues with vulnerabilities, Johansen added. But with Chrome OS, since you can't install software on the hard drive, extensions are the only way to add functionality outside of the browser.

"Just like an iPad or a smartphone, people go 'app crazy;' to get use out of a ChromeOS machine you will need to go 'extension crazy,'" Johansen said.

WhiteHat also looked into extensions from other browsers such as Firefox and Safari to see if they faced the same security flaws.

Johansen concluded that most other browser extensions act more like software, while Chrome OS extensions act more like "mini Web applications." As a result, other browsers can be affected by software vulnerabilities, such as buffer overflows. But Chrome can be hit by Web application vulnerabilities, Johansen said. Such vulnerabilities were detailed in a WhiteHat 2007 white paper, open it here;


(PDF).


__________________
Nil Carborundum Illegitemi My Advice is Free My Friendship is Priceless

FREEBIES Continue to be a BURDEN on Our Increasing Server/Privacy Costs. Please DONATE Something to HELP...PM an Admin for Further Info.



& Thanks to Those That Have Taken The Time to Register & Become a Member of ... 1...
Ladybbird is online now  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
The Following User Says Thank You to Ladybbird For This Useful Post:
FreaknDavid (08-07-11)
Old 29-07-11, 00:13   #2
pop
Official Site Mascot/Moderator
 
pop's Avatar
 
Join Date: Jun 2011
Posts: 1,179
Thanks: 2,019
Thanked 1,001 Times in 636 Posts
pop has much to be proud ofpop has much to be proud ofpop has much to be proud ofpop has much to be proud ofpop has much to be proud ofpop has much to be proud ofpop has much to be proud ofpop has much to be proud of

Awards Showcase
Bronze Medal 
Total Awards: 1

Default Re: Chrome OS has Security Problems

I read somewhere the security guy from FF is/has moved over to google more $$, which doesn't make me feel very good about FireFox, my fav Browser
pop is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiTweet this Post!
Post New ThreadClosed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
SEO by vBSEO 3.5.2
Designed by: vBSkinworks