Unprotected web cameras i kissed dating goodbye rapidshare
How would you feel if someone sat in front of your computer and was immediately able to access all of your Chrome passwords?That's a scenario that is dividing opinion after web designer Elliott Kember called Google's security practices into question by demonstrating how entering a simple URL allows a person with physical access to your machine to view your stored credentials.Chrome is designed to ask users if they want to store the passwords they enter online, making it easier to access their favorite websites.
In his blog post, Kember points out that if a user visits chrome://settings/passwords in the browser, those passwords are just one click away, instead of three clicks using the settings UI.
Justin Schuh, Google's head of Chrome Security, took to Y Combinator to clarify why Google doesn't secure stored passwords, stating that it does not want "to provide users with a false sense of security and encourage risky behavior." Schuh's argument is that if a would-be attacker had access to a user's machine then "the game was lost," as there would be "too many vectors for [the attacker] to get what he wants." This doesn't take into account a world where users don't use master passwords (not just in browsers), share computers, and aren't aware it is so easy for someone to access their login details.
Schuh explains that Google has "literally spent years" evaluating its security measures, giving it "quite a bit of data to inform our position." Schuh's response to the post was blasted by its author and inventor of the World Wide Web Sir Tim Berner's Lee labelled it "a disappointing reply from [the] Chrome team." Right now, Google sits at a crossroads.
The Chrome browser is no longer a tool used by ethusiasts and developers, it's a piece of software that has huge global appeal and is a tool capable of delivering web content to HD televisions.
Some things that are designed to be connected to the Internet, such as door locks that can be controlled with your i Phone, are generally believed to be hard to find. A bigger issue is that many of these devices shouldn't even be online at all.
Companies will often buy systems that can enable them to control, say, a heating system with a computer.Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them.Many more connected systems require no credentials at all -- all you need is a Web browser to connect to them.In a talk given at last year's Defcon cybersecurity conference, independent security penetration tester Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors."It's a massive security failure," said HD Moore, chief security officer of Rapid 7, who operates a private version of a Shodan-like database for his own research purposes.