COTU MEETINGS ARE HELD MONTHLY

* SEE SPECIAL MEETING NOTES & LOCATIONS IN POSTS BELOW *

* IMPORTANT REMINDER *

Only the full website address works when linking on social media. Please use https://www.conservativesoftheupstate.com

Wednesday, August 31, 2016

Google ChromeOS insecure and Google doesn't care ...



The School District Of Pickens County has a "laptop per child" program, matching each student up with a Chromebook, installed with ChromeOS, requiring a Google login ...Interesting news considering word that school networks are under hacker attack in SC recently.From Slashdot:Attackers can add an arbitrary page to the end of a Google login flow that can steal users' credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don't consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user's credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target's browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. "Attacker would not need to intercept traffic to exploit -- they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter," Woods said. Google told Woods they don't consider this a security issue.Also in the News:All 70 million Dropbox accounts exposed to hack:http://www.nbcnews.com/tech/security/dropbox-hack-exposed-details-almost-70m-accounts-n640731?cid=sm_fb
This is the way students and teachers save data to the cloud.

No comments:

Post a Comment

COMMENTS ARE REVIEWED BEFORE POSTING!

• Your comment will be posted as soon as possible.

• Do not resubmit or duplicate comments.

• You are not required to leave a URL/website

Feel free to leave an anonymous comment but owning your comments, even if by an alias, is honorable.

Thank you for visiting.