2013年8月7日星期三

Google Chrome ‘hack’ is an open invitation

If you have three minutes alone with a Google Chrome user’s computer, you can access all their passwords—Gmail, Facebook, Twitter, whatever—then quickly cover your tracks.

It’s not a hack, per se. It’s a little-known feature designed to help users remember passwords and avoid the hassle of constantly hitting those “forgot your password?” buttons.In just four clicks, you can find yourself face-to-face with a list of each password they’ve let Chrome save.  Jot them down and close a window, and you’ll be gone in 60 seconds with the user’s keys. I won’t provide explicit instructions, but if you’re curious, you won’t have any trouble finding them.

Any intruder can then spy on a target’s accounts in secret or hijack them from the comfort of their own rtls, changing the target’s passwords and doing damage of all sorts until the target contacts security departments, proves their identity and wrests back control.

You can’t disable the function, but you can delete all saved passwords and instruct Chrome not to save passwords in the future. This will mean entering your passwords every time you log into a site, so even users who know how to do this won’t likely bother.  The whole thing is being described by security experts and by the tech press as a major security flaw, but the engineers at Google say they’re just keeping it real.

“We don’t want to provide users with a false sense of security,” wrote Chrome developer head Justin Schuh on Hacker News. His point is that if you allow someone access to your machine, they can get their hands on anything. Obscuring saved passwords behind some “master password” would do little to stop a malicious guest.  If you have social media accounts open, they could mess directly with settings. They could install malware or spyware, recording your keystrokes. They could type “password” into your Spotlight search bar and see what comes up in old Word documents. Google doesn’t want to close your window with cardboard when your front door may be wide open. Google wants you to be vigilant!

It’s a strange ideological stand. The truth is, most of us don’t worry that malicious hackers with malware on USB keys will get hold of our computers. The hackers we really need to worry about are our parents, kids, spouses and friends. As with many crimes, the privacy invasions that happen most and hurt the most are perpetrated by people we know and trust.
I’m not saying Russian fraudsters and NSA spooks don’t matter. Outside threats to our privacy are destructive in minor and major ways, creating everything from pesky banking hassles to existential threats to free societies. But let’s pause to recognize the vast damage done, largely unreported, by our loved ones.

You might not call it “hacking,” but every time a suspicious dude glances at an incoming text on his GF’s phone, every time a mom can’t resist a peek at her daughter’s open Facebook page, every time surfing histories are checked for porn sites, or old emails are searched for an ex’s name, life-changing consequences are possible. Our GPS whereabouts or smartphone metadata might not mean much or matter much to the government bots that are probably tracking them. But those who know us best know what our data means. A stop at a certain street corner might mean a donut we weren’t supposed to eat or a rendezvous we weren’t supposed to have.

Google makes tools, and tools should serve the interest of their users. I lock my bike, not because I think bike locks are infallible, but because an unlocked bike is an invitation to steal. By placing our passwords four clicks away, Google is inviting us to hack each other.

Over the past decade, our ever-evolving Web site has allowed us to add more and unique content for our readers (and the ability to reach more of them), while becoming a daily source of information related to “what’s happening at the Jersey shore.” Today, there’s no “Whoot! Route” section, but there is “South Jersey Nightlife,” which lists all of the nightlife options in the Atlantic City area in print and indoor Tracking. Today, we have a blog (“Atlantic City Central”), timely videos, digital photo galleries and new sections in the paper to keep up with the chameleon-like ways the region has changed — while not forgetting that the simple things, such as the beach, Boardwalk and Atlantic Ocean, are still three of the biggest reasons visitors come to the resort.?

Forty years of producing a newspaper (and now a Web site) with comprehensive entertainment listings, celebrity interviews, compelling local history articles and an ever-changing dining guide — as well as photos, movie reviews, the latest concert updates, etc. — is something to be proud of, especially in this age of the disappearing print product. But ever since Philadelphia-based Review Publishing purchased the Whoot! and changed its name to Atlantic City Weekly back in 2000, there has been little to make an argument that the good old AC Weekly (which some still call the Whoot!) was outdated. Sure, our readers now include hundreds of thousands of visitors to our Web site, Facebook page and other social media and digital outlets, but the need for a go-to resource for entertainment in an entertainment town — which you can hold in your hands and flip through at your leisure — will always be needed in a tourism-driven destination like ours.?

In celebration of our 40th anniversary, over the next several months you will be reading about and hearing about special plans for the occasion. In this week’s cover story, we offer 40 things we love about the Atlantic City region. Some of them date back to the Whoot! days; some of them precede the first publication of the paper on June 19, 1974; and others are new and exciting changes in entertainment offerings over the past couple decades or so. ?

Read the full products at http://www.ecived.com/en/.

没有评论:

发表评论