I love the concept of these events. Not only do they promote computer geeks leaving their seedy basements for a bit of fresh air, but it provides them with an outlet to showcase their technical aptitude - with an opportunity to rake in some top coin if they're successful.
These events are also extremely beneficial for companies and organisations, particularly since successful exploits within systems must be disclosed, which in turn, greatly enhances security of compromised systems - provided they're patched appropriately.
But one of the most gripping pieces of news that emerged from these events no doubt had to be the success of ChromeOS, in its ability to withstand attempts on its structure, from various entrants at Pwnium. For any who doubted hackers had a lot to gain from their exploits, Google provided Pi money as an incentive. That's right - a total of $3.14159 million worth of prize money to be handed out in smaller, yet still tempting $110-150,000 prizes for individuals who either managed a browser or system level compromise in guest mode or logged-in user using a web browser ($110,000), or was able to compromise the system with persistence on a device, also through a web browser ($150,000). For this particular event however, it seemed as though exposing flaws in ChromeOS weren't as easy as Pi, and Google confirmed that whilst no successful exploit on the OS was demonstrated, that they are considering a partial credit prize- because I'm sure it would have been cruel of the them to let every entrant walk out empty handed.
 |
| Samsung Chromebook ARM - Source: Engadget |
I have complete faith in ChromeOS, but I have to since I invested in a Chromebook. It's evident that Google are deadly serious about security, and they know that if they can't perfect the Chrome sandbox on other OS', they're going to be sure to give consumers a big reason to switch to their OS. If the countless security updates Chromebook owners have been receiving these last couple of weeks weren't any indication of Google's commitment, then I don't know what to think. This news surely reaffirms every Chromebook owner's justification for buying into ChromeOS, and it certainly validates the seemingly absurd $1299 asking price for the newly released Chromebook Pixel.
The news also had me thinking about Java, which was also compromised at Pwn2Own - to everyone's expectations. Java has copped a lot of smack recently with its widespread associated malware, which has hit the likes of Windows, Linux and OS X systems, through a false update. At this stage, I can't stand Java, but I don't think I can live without MineCraft. Two weeks ago, I'd noticed errors in Java when I'd execute the game on my Windows 8 desktop, and sure enough, the next day - my desktop was infested with malware, right down to files in its System32 folder. After an entire day wasted searching for a solution, I managed to revive the desktop, and I'm still not entirely convinced it's secure.
 |
| The typical Java Malware update - Source: geek.com |
I'm going off on a tangent at the moment with this rant, but there's a reason for it. I'm one of those incredibly paranoid users, who are constantly checking their virus protection status, is careful with every download, and panics over the smallest of attacks (even cookies). I know the damage that viruses of any sort can have on a system, and I'm pedantic with regards to keeping personal information of any nature secure. Unlike my sister, who leaves every service she uses logged into, she bares resemblance to a child's innate belief that they are invincible - only in an online environment.
I've been wary ever since the attack to use my desktop when I've needed to disclose sensitive information/data online, and have reverted to either my Ubuntu laptop, or Chromebook.
Are you as meticulous as I am, or do you tend not to give security too much of thought on the system(s) you're running? How does the news of ChromeOS' apparent impenetrable defences sound to you? Let me know in the comments below:
No comments:
Post a Comment