Google Chrome OS May Be Security Hotspot in 2010

Google's Chrome OS will be "poked" by hackers in 2010, in large part because it will be the "new kid on the block," a security researcher predicted Wednesday.

By Gregg Keizer
Wed, December 30, 2009

Computerworld — Google's (GOOG) Chrome OS will be "poked" by hackers in 2010, in large part because it will be the "new kid on the block," a security researcher predicted today.

Chrome OS will be targeted by attackers, probably even before it's officially released, said Sam Masiello, the director of threat management at antivirus vendor McAfee.

"It'll be the new kid on the block, that's one of the primary drivers why we think cybercriminals will target Chrome OS," said Masiello. "The same thing happened to Windows Vista and Windows 7 , even before they were finished. Since Chrome OS is new, it's going to be of interest to security researchers, and it's going to be poked by cybercriminals as well."

Google 's operating system was announced in July and released as open-source in November, but is not slated to be available on netbooks until late in 2010.

Another reason hackers will likely target Chrome OS is its reliance on HTML 5, the still-unfinished revision of HTML (Hypertext Markup Language) that aims to replace the current crop of rich media plug-ins, such as Adobe (ADBE) Flash and Microsoft 's Silverlight, with advanced features developers can build right into sites.

HTML 5 also supports offline Web applications, where traditionally online services and software can be accessed when users are not connected to the Internet. "As we move toward the advent of rich Internet applications, the lines are blurring between online and offline," said Masiello. "Cybercriminals will be able to attack users when they're offline, as well as on."

Other Google software will make a name for itself -- and not in a good way -- during the coming year, said Masiello. Google Wave , the search giant's collaboration and communication software, may be the perfect tool for controlling a botnet, or collection of already-compromised computers.

"Google Wave uses XMPP (eXtensible Messaging and Presence Protocol), which provides application-to-application control for Web apps," Masiello said. "It could be used for truly decentralized command-and-control of a botnet, so a take-down of a single ISP or hosting company would have zero impact."

But although McAfee sounded the alarm about Chrome OS, HTML 5 and Google Wave, Masiello acknowledged that 2010 will probably be limited to proof-of-concept exploits or a low level of activity, seeing as how Chrome won't appear until later in the year and HTML 5 is still unfinished. "With HTML5 and Google, we still have some time," he said.

McAfee's 2010 security predictions can be downloaded from the company's site ( download PDF ).

Gregg Keizer covers Microsoft (MSFT), security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter @gkeizer , send e-mail at gkeizer@ix.netcom.com or subscribe to Gregg's RSS feed .

Originally published on www.computerworld.com. Click here to read the original story.
White Papers »
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.
Has Your Server Infrastructure Kept Pace with End User Demands?
Learn how your answer to this question compares to your peers by taking this quick poll. See how your peers are dealing with the challenge of ensuring a highly capable server infrastructure as technological shifts impact the application server platform.
Webcasts »
Virtualization Success is a Team Effort
As greater numbers of datacenter servers transition from the physical to the virtual world, the components of virtualization success come to the fore. What scores of organizations have discovered is that success is derived from an optimal pairing of the right software platform with the right hardware platform.
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and enterprise campus network infrastructures for the Cloud, and identify ways to better allocate network resources, reduce operating costs and improve application performance.
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn about VMware customer, Navicure, and their experiences testing and evaluating the recovery manager, their progress in implementing it in their environment and their advice other customers considering using vCenter.
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as support considerations
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and disaster recovery and support considerations.
Virtualizing Microsoft and Oracle on VMware vSphere: Benefits and Best Practices
Virtualizing business-critical applications is an essential step in your journey to the cloud. Microsoft SQL Server, Exchange and SharePoint, and Oracle applications, are often the backbone of business IT. The benefits of virtualizing these applications extend far beyond mere consolidation. Understanding how VMware improves quality of service and agility while reducing costs will help you make the case for taking virtualization to the next level in your company.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Overcome Top 7 Admin Challenges of Active Directory

Top Solutions and Tools to Prevent Devastating Malware

Insiders Can Ruin Your Company. Take Action.

X-Ray of the PCI Process-4 Proactive Steps

Streamline Compliance and Increase ROI

Has Your Server Infrastructure Kept Pace with End User Demands?

Delivering a Greener Data Center

Cloud-Scale Networks Using Open Fabric Architectures

Mobility in the Network: A Phased Technology Approach

Smarter Commerce is redefining value chain visibility

Digital Transformation: Creating New Business Models Where Digital Meets Physical

IBM Synchronizes its Commerce 2.0 Strategy with 'Smarter Commerce' Initiative

Identity Governance: The Business Imperatives

CA Technology Brief: CA Point of View: Content Aware Identity & Access Management

Enterprise Strategy Group: The Case for a New Data-centric DLP White Paper

Data Loss by the Numbers

Data Loss Prevention Solution for Managing E-Discovery

Best Practices in Data Protection - Executive Summary

Business Centric DLP

ESG Lab Validation Report: HP Data Protector & Deduplication Solutions
Resource Center
buy a link »
Ads by TechWords