Two members of the WhiteHat Security's Threat Research Center...discovered a slew of serious and fundamental security design flaws that with no more than a single mouse-click may victimize users by:
- Exposing of all user email, contacts, and saved documents.
- Conduct high speed scans their intranet work and revealing active host IP addresses.
- Spoofing messaging in their Google Voice account.
- Taking over their Google account by stealing session cookies, and in some case do the same on other visited domains.
While Chrome OS and Chromebooks has some impressive and unique security features, they are not all encompassing. Google was informed of the findings, some vulnerabilities were addressed, bounties generously awarded, but many of the underlying weaknesses yet remain -- including for evil extensions to be easily made available in the WebStore, the ability for payloads to go viral, and javascript malware survive reboot. With the cloud and web-based operating systems poised to make an impact on our computing future, Matt and Kyle ready to share all their never-before-seen research through a series of on-stage demonstrations.
Bookmarks