msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

27 Mar 12 Google Chrome OS



The 404 725: Where everybody calls in sick (podcast)


With Jeff too sick to come in this morning, Dan Ackerman and Scott Stein from CNET’s Digital City Podcast jump into the studio with me to record today’s show.

And don’t worry, this will NOT be a repeat of the infamous “Cheese Stands Alone” episode, so big thanks to Dan and Scott for coming to my rescue!

We spoke briefly about Google Chrome OS on yesterday’s show, but I’d be a dummy not to ask two of our laptop editors about it while I have a chance.

At Tuesday’s Chrome OS launch event, Google unveiled the Cr-48 Chrome Netbook that has a 12.1-inch display, a full-size keyboard, embedded 3G access and 802.11n Wi-Fi, an SSD, and a battery rated to eight hours of continuous use, and more than eight days of standby time.

The laptop won’t be available to purchase until the final one rolls out at the end of next year, but Google’s Chrome pilot program gives anyone the chance to be a beta tester for the hardware and software.

To apply, start by filling out this form, but hurry because quantities are limited and some lucky geeks already received theirs today!

Speaking of laptops, Dan brings in the Dell Inspiron Duo for show and tell. The creative design marries the traditional folding clamshell laptop computer with a hinge in the middle of the lid that flips the screen 180 degrees, transforming the device into a tablet PC.

You can also purchase an optional speaker dock for higher-quality media playback, and we like that there’s a built-in Web cam for video chats, but it’s built into part of the screen bezel so it disappears when the display is flipped into tablet mode- doh!

A good portion of the show is also dedicated to a prototype of a new prosthetic arm shaped like a tentacle, but you’ll have to tune in to get the full story.

Thanks again to Scott and Dan for coming in this morning, and send your best wishes to Jeff for a quick recovery! Seriously, the show can’t go on without at least 2/3 hosts!


Episode 725

Subscribe in iTunes audio | Suscribe to iTunes (video) | Subscribe in RSS Audio | Subscribe in RSS Video

more

Originally posted at The 404 Podcast

Topics: Show notes, The 404 podcast Tags: Justin Yu, playoffs, Jets, prosthetic, Super Bowl, iPad 2, Cr-48, Facebook, Jeff Bakalar, Google, Apple, laptop, Google Chrome OS, The 404 Podcast, Dell Inspiron, Duo, Scott Stein, Digital City, CNET, Dan Ackerman

Article source: http://news.cnet.com/posts/?keyword=Google+Chrome+OS

Tags: , , ,

11 Mar 12 At hacking contest, Google Chrome falls to third zero-day attack


Google’s Chrome browser on Friday fell to a zero-day attack that pierced its vaunted security sandbox, the third such attack in as many days at a contest designed to test its resistance to real-world threats.

A teenage hacker who identified himself only as PinkiePie said he spent the past week and half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7. He spent the past three days holed up in hotel rooms and conference areas refining the attack so it would break out of the sandbox, which was designed to prevent code-execution attacks like his, even when security bugs are identified.

“These kinds of things are finicky” PinkiePie told reporters as he finished a blueberry yogurt just minutes after making his booby-trapped website display a picture of a pink pony wielding a medieval axe. He said he “got lucky” because he found a way to break out of Google’s sandbox relatively early and then spent the rest of the time identifying vulnerabilities that allowed him to remotely funnel code through the system.

PinkiePie said all three of the vulnerabilities resided in code that’s native to Chrome. That meant it qualified for a $60,000 prize, the top reward for the Pwnium contest Google sponsored at the CanSecWest conference in Vancouver. Members of the Chrome security team started analyzing the exploit and vulnerability details within minutes of the hack. Less than 24 hours later, Google put a fix into its distribution pipeline.

“Congratulations to PinkiePie (aka PwniePie) for a beautiful piece of work to close out the Pwnium competition!” an advisory accompanying the update for Windows, Mac, and Linux versions of Chrome stated. Referring to an exploit unleashed on Wednesday, it continued: “We also believe that both submissions are works of art and deserve wider sharing and recognition.”

Additional details will be published once other WebKit packages that might also be vulnerable are patched.

Google is offering prizes of $60,000, $40,000 and $20,000 under the competition in an attempt to learn new strategies for fortifying Chrome against attacks that expose sensitive user data or take control of user machines. PinkiePie is only the second contestant to enter the contest. Both have demonstrated attacks that allowed them to take control of Chrome users’ machines when they do nothing more than browse to an attack site.

On Wednesday, a Russian researcher named Sergey Glaznov bundled two vulnerabilities into his own remote code-execution attack. Less than 24 hours later, Google shipped an update fixing the holes. At the separate Pwn2Own contest a few feet away, a team of researchers successfully exploited Chrome on Wednesday.It’s now almost certain that attack relied on Adobe Flash to break out of the safety perimeter.

The five vulnerabilities exposed during the third and final day of the contest are miniscule compared to the overall number of bugs Chrome’s security team fixes each year. A member of the team said the value of Pwnium isn’t in the number of bugs that come to light, but rather in the insights that come from watching how a reliable exploit is able to slip through carefully crafted defenses.

Updated to add official comment about $60,000 prize and the release of a patch.

Article source: http://arstechnica.com/business/news/2012/03/googles-chrome-browser-on-friday.ars

Tags: , , ,

11 Mar 12 At hacking contest, Google Chrome falls to third zero-day attack (Updated)


Google’s Chrome browser on Friday fell to a zero-day attack that pierced its vaunted security sandbox, the third such attack in as many days at a contest designed to test its resistance to real-world threats.

A teenage hacker who identified himself only as PinkiePie said he spent the past week and half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7. He spent the past three days holed up in hotel rooms and conference areas refining the attack so it would break out of the sandbox, which was designed to prevent code-execution attacks like his, even when security bugs are identified.

“These kinds of things are finicky” PinkiePie told reporters as he finished a blueberry yogurt just minutes after making his booby-trapped website display a picture of a pink pony wielding a medieval axe. He said he “got lucky” because he found a way to break out of Google’s sandbox relatively early and then spent the rest of the time identifying vulnerabilities that allowed him to remotely funnel code through the system.

PinkiePie said all three of the vulnerabilities resided in code that’s native to Chrome. That meant it qualified for a $60,000 prize, the top reward for the Pwnium contest Google sponsored at the CanSecWest conference in Vancouver. Members of the Chrome security team started analyzing the exploit and vulnerability details within minutes of the hack. Less than 24 hours later, Google put a fix into its distribution pipeline.

“Congratulations to PinkiePie (aka PwniePie) for a beautiful piece of work to close out the Pwnium competition!” an advisory accompanying the update for Windows, Mac, and Linux versions of Chrome stated. Referring to an exploit unleashed on Wednesday, it continued: “We also believe that both submissions are works of art and deserve wider sharing and recognition.”

Additional details will be published once other WebKit packages that might also be vulnerable are patched.

Google is offering prizes of $60,000, $40,000 and $20,000 under the competition in an attempt to learn new strategies for fortifying Chrome against attacks that expose sensitive user data or take control of user machines. PinkiePie is only the second contestant to enter the contest. Both have demonstrated attacks that allowed them to take control of Chrome users’ machines when they do nothing more than browse to an attack site.

On Wednesday, a Russian researcher named Sergey Glaznov bundled two vulnerabilities into his own remote code-execution attack. Less than 24 hours later, Google shipped an update fixing the holes. At the separate Pwn2Own contest a few feet away, a team of researchers successfully exploited Chrome on Wednesday.It’s now almost certain that attack relied on Adobe Flash to break out of the safety perimeter.

The five vulnerabilities exposed during the third and final day of the contest are miniscule compared to the overall number of bugs Chrome’s security team fixes each year. A member of the team said the value of Pwnium isn’t in the number of bugs that come to light, but rather in the insights that come from watching how a reliable exploit is able to slip through carefully crafted defenses.

Updated to add official comment about $60,000 prize and the release of a patch.

Article source: http://arstechnica.com/business/news/2012/03/googles-chrome-browser-on-friday.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

Tags: , , ,