{"id":3813,"date":"2013-10-21T12:30:28","date_gmt":"2013-10-21T16:30:28","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=3813"},"modified":"2013-10-21T12:30:28","modified_gmt":"2013-10-21T16:30:28","slug":"chromes-effort-at-efficiency-may-leave-users-vulnerable","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/10\/21\/chromes-effort-at-efficiency-may-leave-users-vulnerable\/","title":{"rendered":"Chrome’s effort at efficiency may leave users vulnerable"},"content":{"rendered":"

Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, into website forms, experts say.<\/p>\n

Additional steps are necessary because Chrome will store the data in plain text in its web history log on the hard drive. The browser retrieves the information as needed to avoid having the user retype the same data into other forms.<\/p>\n

Researchers at Identity Finder created proof-of-concept malware that could take the data and send it to a third party. The security vendor claims Google could make the process more difficult for hackers by having the browser encrypt the data before it is stored.<\/p>\n

Chrome lets the operating system encrypt the data, if that\\’s how the user has the OS configured. With Windows, Microsoft offers full disk encryption through its BitLocker feature.<\/p>\n

“It would be harder to get at the data (if encrypted),” said Aaron Titus, chief privacy officer for Identity Finder.<\/p>\n

Google said the vendor is making a lot out of nothing because Chrome gives the user full control over how it stores data.<\/p>\n

“Chrome asks for permission before storing sensitive information like credit card details, and you don\\’t have to save anything if you don\\’t want to,” the company said in a statement sent to CSOonline. “Furthermore, data stored locally by Chrome will be encrypted if supported by the underlying operating system.”<\/p>\n

Security assessment is ongoing<\/p>\n

Identity Finder specializes in software that finds sensitive information on PCs, so it’s not surprising that it recommends better data management. For example, browser makers could detect when someone is typing in a credit card number and not store the data.<\/p>\n

“Chrome, and probably browsers and other programs in general, need to deploy sensitive data management practices,” Titus said.<\/p>\n

chrome security<\/p>\n

Other experts did not consider Chrome’s handling of personal data a serious problem.<\/p>\n

“I believe it makes sense to store the web history information in an encrypted format to avoid this information leakage problem, but it is not a critical issue,” said Wolfgang Kandek, chief technology officer for Qualys.<\/p>\n

Malware written to steal information from a PC would go after much more than a browser history log, Kandek said. For example, the malicious software would likely intercept keystrokes to steal credentials used on websites and grab data from unlocked password stores.<\/p>\n

Where extra precautions need to be taken is when a person sells or gives away an older PC. “If their hard drive is sold on something like eBay and was not properly wiped they are clearly at risk,” said Paul Henry, computer forensics specialist for Lumension.<\/p>\n

To avoid having sensitive data accessed, sellers need to reformat their hard drives before handing the system to a buyer, Kandek said.<\/p>\n

But if the computer user is savvy enough not to save credentials or to regularly clear the browser cache, then the storing of history logs becomes a “non-issue,” Henry said.<\/p>\n

via Chrome’s effort at efficiency may leave users vulnerable | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Google Chrome users should take extra precautions when using the browser to type personal data, such as credit card numbers, […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[190,849],"class_list":["post-3813","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-chrome","tag-privacy"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Zv","jetpack-related-posts":[{"id":3204,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/19\/chrome-challenges-firefox-may-become-no-2-browser\/","url_meta":{"origin":3813,"position":0},"title":"Chrome challenges Firefox, may become No. 2 browser","author":"NCCT","date":"August 19, 2013","format":false,"excerpt":"Mozilla's Firefox browser has lost more than 11 percent of its user share in the last two months, giving Google's Chrome another shot at replacing it as the world's No. 2 browser, according to new data. Statistics from Web measurement company Net Applications illustrated a rapid decline in Firefox and\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7380,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/01\/09\/super-cookies-can-track-you-even-in-private-browsing-mode-researcher-says\/","url_meta":{"origin":3813,"position":1},"title":"‘Super cookies’ can track you even in private browsing mode, researcher says","author":"NCCT","date":"January 9, 2015","format":false,"excerpt":"If there's one thing websites love to do it's track their users. Now, it looks like some browsers can even be tracked when they're in private or incognito mode. Sam Greenhalgh of U.K.-based RadicalResearch recently published a blog post with a proof-of-concept called \"HSTS Super Cookies.\" Greenhalgh shows how a\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8871,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/03\/23\/google-kills-the-chrome-app-launcher-on-windows-mac-and-linux-pcworld\/","url_meta":{"origin":3813,"position":2},"title":"Google kills the Chrome app launcher on Windows, Mac, and Linux | PCWorld","author":"NCCT","date":"March 23, 2016","format":false,"excerpt":"By Ian Paul\u00a0 | PCWorld Google\u2019s attempted invasion of the Windows desktop is now officially over. The Chrome-maker recently announced that the Chrome app launcher will be removed from Windows, Mac, and Linux in July, though it\u2019ll stick around in Chrome OS. Google says it\u2019s dumping the app launcher in\u2026","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/nccomputertech.com\/techtalk\/category\/software\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8744,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/11\/8744\/","url_meta":{"origin":3813,"position":3},"title":"Chrome to drop support for Windows XP, Windows Vista, and older Mac OS X versions in 2016","author":"NCCT","date":"November 11, 2015","format":false,"excerpt":"By Ian Ginos | Neowin Google Chrome, by some estimates the world's third most popular desktop web browser, will cease to support older versions of Microsoft's Windows and Apple's OS X operating systems. In a recent blog post, Google announced that it intends to discontinue support for Chrome on Windows\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7965,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/02\/google-chrome-will-banish-chinese-certificate-authority-for-breach-of-trust-updated\/","url_meta":{"origin":3813,"position":4},"title":"Google Chrome will banish Chinese certificate authority for breach of trust [Updated]","author":"NCCT","date":"April 2, 2015","format":false,"excerpt":"Google's Chrome browser will stop trusting all digital certificates issued by the China Internet Network Information Center following a major trust breach last week that led to the issuance of unauthorized credentials for Gmail and several other Google domains. The move could have major consequences for huge numbers of Internet\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/handcuffs-640x301.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/handcuffs-640x301.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/handcuffs-640x301.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":7648,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/26\/chrome-security-update-warns-against-sneaky-software-downloads-as-well-as-malware\/","url_meta":{"origin":3813,"position":5},"title":"Chrome security update warns against sneaky software downloads as well as malware","author":"NCCT","date":"February 26, 2015","format":false,"excerpt":"Google is adding a new warning to Chrome in its continuing efforts to protect users from harmful actors on the web. The new red flag for Google\u2019s browser warns you when you\u2019re about to visit a site that encourages users to download harmful and unwanted software. Chrome isn\u2019t the only\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3813","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=3813"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3813\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=3813"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=3813"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=3813"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}