Google ChromeOS insecure and Google doesn't care ...

The School District Of Pickens County has a "laptop per child" program, matching each student up with a Chromebook, installed with ChromeOS, requiring a Google login ...Interesting news considering word that school networks are under hacker attack in SC recently.From Slashdot:Attackers can add an arbitrary page to the end of a Google login flow that can steal users' credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it, but Google officials said they don't consider it a security issue. The bug results from the fact that the Google login page will take a specific, weak GET parameter. Using this bug, an attacker could add an extra step to the end of the login flow that could steal a user's credentials. For example, the page could mimic an incorrect password dialog and ask the user to re-enter the password. [Aidan Woods, the researcher who discovered the bug,] said an attacker also could send an arbitrary file to the target's browser any time the login form is submitted. In an email interview, Woods said exploiting the bug is a simple matter. "Attacker would not need to intercept traffic to exploit -- they only need to get the user to click a link that they have crafted to exploit the bug in the continue parameter," Woods said. Google told Woods they don't consider this a security issue.Also in the News:All 70 million Dropbox accounts exposed to hack:http://www.nbcnews.com/tech/security/dropbox-hack-exposed-details-almost-70m-accounts-n640731?cid=sm_fb
This is the way students and teachers save data to the cloud.