The Indelible Bonobo Experience

Renaissance Monkey: in-depth expertise in Jack-of-all-trading. I mostly comment on news of interest to me and occasionally engage in debates or troll passive-aggressively. Ask or Submit 2 mah authoritah! ;) !

We Are Hidden::: UnChrome

wearehidden:

From Abelssoft:

According to Google, “Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.” However, each Google Chrome installation contains a unique ID that identifies its user. Google doesn’t make it an easy job…

Go 4 it

(via wearehidden)

After exploiting six different Chrome vulnerabilities, a hacker named Pinkie Pie was able to display this image on his target machine and get the $60,000 bounty. (via Chromium Blog: A Tale of Two Pwnies (Part 1), at)
“It’s interesting to see the bugs listed this way because when writing the exploit I only counted three bugs, not six,” he wrote. “117417, 117715, and 117736 are all hardening measures that enforce security boundaries that don’t strictly need to exist, which I guess is a good thing.”
He went on to say he wasn’t sure if he could break out of Chrome’s sandbox a second time.
“Finding vulnerabilities is very luck based, and a new exploit would likely use a totally different code path,” he explained. “But keep in mind that to be eligible for the $60,000, I had to use only bugs in Chrome itself, not the operating system, which is a fairly severe restriction compared to a real attack.”
He also noted that the successful attack of Sergey Glazunov, the other Pwnium contestant to take home a $60,000 prize, “relied on roughly 10 distinct bugs,” according to the Google blog post. An upcoming post will contain the details, Google promised.
The exploit underscores the hacking truism that it can take a single teenager days to break what hundreds of highly paid professionals have spent years to build. While Pinkie Pie’s journey was painstaking, he said at the time that it took him only about 10 days to plan and execute it. The episode also explains why Google to date has awarded more than $500,000 to hackers who privately report vulnerabilities in its software and services. Sometimes, the only way to erect an impenetrable castle is to occasionally watch it come crashing down.

I think it’s important for users to know that no matter what permissions they grant to an app, a lot of data can be collected about you and your smart phone if the app chooses to look for it. Malware aside, I think the gathering of identifying data is more likely to be used by legitimate apps. In the upcoming paper “Unsafe Exposure Analysis of Mobile In-App Advertisement,” due to be released next week, the authors discuss how legitimate apps that include advertising libraries allow the associated ad networks to gather any data that the app itself can access.

Interview: Android Engineered To Enable Data Harvesting | threatpost

Other than security and privacy, what improvements are some asking Google to make for Android?

  • The new Aura Desktop Window Manager treats browser windows as windows that can be moved, to reveal a desktop area, and can be separated into discrete UI elements. The Chrome browser in Chrome OS now works more or less like it does on Windows or OS X hardware. It even includes a taskbar for launching Web apps.
  • Better hardware. The current crop of Chromebooks is underpowered and not particularly innovative. Look at what Apple has done with the MacBook Air and at what some of the makers of ultrabooks have accomplished. Now make something better, and offer both high- and low-end models. You’ll never attract power users with underpowered, under-equipped devices.
  • Web-based IDE. Buy Cloud 9 or hurry up and roll out “Brightly”, your long-rumored Web-based IDE. If you want developers to create Web apps, give them tools that allow them to do so using Chrome. 
  • Support local storage. Stop with the “nothing but the Web” nonsense. Pichai once said, “I don’t think we need files anymore.” And somehow, no one else at Google mustered a coherent rebuttal. The notion is absurd. Files represent ownership. They offer a defense against lock-in. You yourself make a big deal about this with your Data Liberation Front. Files are freedom. Without them, one’s data exists only at the pleasure of one’s service provider. And that’s no way to live. Chrome OS will be able to challenge Linux, OS X, or Windows when it offers broad support for storing data locally and mirroring local files in the cloud.
  • Offline apps. Your notion that cloud computing can completely replace local computing is as absurd as your nothing-but-the-Web conceit. Google Apps needs to run offline and to be at least as responsive as Microsoft Word in the absence of a network connection. Really, any Web app should run offline. We have the technology, even if HTML5 local storage might not be mature yet. Of course, you don’t want people to operate offline because you cannot deliver ads or collect data when there’s no network connection. But you would do better to provide services that people want to use rather than trying to steer customers toward services that fit your business model.

(/.)