Conservatives Of The Upstate meets the 2nd Thursday of each month @ 6:30PM.

Blue Ridge Bible Church
769 Belle Shoals Rd
Pickens SC 29671



* IMPORTANT REMINDER *

Only the full website address works when linking on social media. Please use www.conservativesoftheupstate.com

Wednesday, August 31, 2016

Google ChromeOS insecure and Google doesn't care ...



The School District Of Pickens County has a "laptop per child" program, matching each student up with a Chromebook, installed with ChromeOS, requiring a Google login ...Interesting news considering word that school networks are under hacker attack in SC recently.From Slashdot:Attackers can add an arbitrary page to the end of a Google login flow that can steal users' credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don't consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user's credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target's browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. "Attacker would not need to intercept traffic to exploit -- they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter," Woods said. Google told Woods they don't consider this a security issue.Also in the News:All 70 million Dropbox accounts exposed to hack:http://www.nbcnews.com/tech/security/dropbox-hack-exposed-details-almost-70m-accounts-n640731?cid=sm_fb
This is the way students and teachers save data to the cloud.

No comments:

Post a Comment

COMMENTS ARE REVIEWED BEFORE POSTING!

• Your comment will be posted as soon as possible.

• Do not resubmit or duplicate comments.

• You are not required to leave a URL/website

Feel free to leave an anonymous comment but owning your comments, even if by an alias, is honorable.

Thank you for visiting.