Chrome OS Remains Undefeated At Pwnium 3

Posted by timothy
from the technical-victory dept.
hypnosec writes "Google has announced that its Chrome OS has managed to remain undefeated during the Pwnium 3 event that was held alongside Pwn2Own. Announced by Google on January 28, 2013, the Pwnium 3 event carried a prize money of $3.14 million. Researchers were asked to carry out attacks against a base Samsung Series 5 Chromebook running the latest stable version of Chrome OS. It turns out security researchers were not able to come up with winning exploits even after the competition's deadline was extended. Google Chrome Team has revealed that partial exploit entries have been filled in, but no other details have been released."
  • by CannonballHead (842625) on Friday March 08, 2013 @08:38PM (#43122659)
    From what I understand, there are, at the very least, local caches (similar to Google Drive/Docs/Email offline). Also, there would be all the info that Chrome keeps locally.
  • by dreamchaser (49529) on Friday March 08, 2013 @10:08PM (#43123259) Homepage Journal

    Typical geek-elitist drivel. For some (myself included) sure it's important to understand the nature of how computers do things. What you seem to fail to see, or are in denial about, is that computers have become ubiquitous appliances, and the average user doesn't give a shit about the 'nature of how we do these things.' They just want it to work.

  • by amiga3D (567632) on Friday March 08, 2013 @10:14PM (#43123287)

    Yes. Most people don't even have a clue how the light in their room comes on when they flip the switch and could care less about electricity as long as when they flip the switch the light comes on. Almost no one knows anything about internal combustion that drives a car daily; they just know that when you turn the key it should start. The how and why is beyond them. Computers are even more complex to these people and it's crazy to think they'll ever know or care how they work.

  • by gman003 (1693318) on Saturday March 09, 2013 @12:21AM (#43123827)

    The difference is that Chrome OS is a consumer-grade "thin client". It is aimed mainly at home and educational use, not the big corporate or government use most other thin clients aim for.

    As such, yes, it makes sense to compare it to other consumer-grade operating systems. The results won't be quite comparable, as many duties normally handled by the OS are done remotely, in "the cloud", but it's still a worthwhile comparison.

  • by daboochmeister (914039) <[moc.liamg] [ta] [retsiemhcoobad]> on Saturday March 09, 2013 @01:05AM (#43123971)
    A major theme here is "it doesn't run many apps, that's why it's secure". Yeah, that must be it - it probably has absolutely nothing to do with the way they've implemented Mandatory Access Controls in a rigorous fashion, and the way they isolate resources with heavy use of cgroups, and the read-only root filesystem and tmpfs /tmp, and how they've made every binary use ASLR and NX and DEP, and how they've rewritten several major typically-vulnerable daemons to not run as root, and how they've developed userland daemons to broker access to hardware, and how they don't allow any files in user home dirs to be executables, or how they've started to sandbox device drivers, or the way they implemented separate processing stacks for HTTP and HTTPS, or how they verify not just the boot record but the whole boot stack and partition table and nv ram on every boot and and and ...

    Yeah, all those things probably don't matter. They probably don't play any role in exploits that work on Windows-based Chrome failing on Chrome OS. It's not more inherently secure than any other OS, riiiggghhhhhttttt ...
  • by Anonymous Coward on Saturday March 09, 2013 @01:37AM (#43124089)

    Look under the hood. Chrome OS is just as capable of running X11 apps as your off the shelf distro. Granted, it's not designed to, so it's difficult to make it do so, damn near impossible (as seen in article) without switching developer mode on.

    But, switch developer mode on, turn off rootfs verification, remount as RW, and dump binaries on that it'll happily run. I don't typically categorize thin clients as a system running GNU/Linux w/ X11 support.

    I think the ace in the hole for ChromeOS security is that any partitions writable are mounted noexec. Any partition mounted exec is read only. How do you get around that without attacking the kernel itself?
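
The mount rule described in the comment above (writable partitions are noexec, executable partitions are read-only) can be audited from a mount table. This is an added example, not part of the original thread and not Chrome OS's own code; the sample table is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in /proc/mounts format:
# device, mount point, fstype, options, dump, pass.
# Not captured from a real Chrome OS device.
SAMPLE_MOUNTS = """\
/dev/root / ext2 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda8 /usr/local ext4 rw,nodev,relatime 0 0
/dev/sdb1 /media/My\\040Disk vfat rw,nosuid,nodev,noexec 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""


def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Yield (mount point, fstype, option set) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or truncated lines
        _device, mountpoint, fstype, opts = parts[:4]
        yield unescape(mountpoint), fstype, set(opts.split(","))


def writable_and_executable(text):
    """Return mount points that break the rule: writable and not noexec."""
    bad = []
    for mountpoint, _fstype, opts in parse_mounts(text):
        writable = "ro" not in opts       # the kernel lists exactly one of ro/rw
        executable = "noexec" not in opts
        if writable and executable:
            bad.append(mountpoint)
    return bad


if __name__ == "__main__":
    for mp in writable_and_executable(SAMPLE_MOUNTS):
        print("writable+exec:", mp)
```

On a live Linux system the same function can be given the contents of `/proc/mounts`. Note that `noexec` blocks direct execution of files on the mount but does not stop an interpreter from reading a script stored there.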
