Facebook, Twitter, and Microsoft (in no particular order) were recently attacked by hackers. This led to a number of questions being raised. How did they manage to get into the servers of such big corporations? Why did they want to do it? And most importantly: Is Google any safer than these websites? To find the answer, we must study the problem.
When any hacking attempt (successful or unsuccessful) happens, we get scared by hearing words like “accounts hacked” or “security compromised”. This makes us lose trust in the website. The recent spate of attacks has one common thread. Let’s find out what it is:
A quarter million accounts compromised in one go. Twitter was the first one to admit the hacking. It linked the hacking to a flaw in the Java program. The Homeland Security had already warned of such attacks.
Although the attacks happened a month before the Twitter attacks, Facebook acknowledged the breach only after Twitter admitted the attack. However, Facebook claimed that all user data was safe on its servers. But again, the breach was reported to have been due to a problem in Java.
Microsoft linked the attacks on its servers to the ones on Twitter and Facebook. That means a problem in Java was responsible for attacks on three of the world’s top establishments. Apart from these, Apple, Wall Street Journal, New York Times, and Washington Post were also targeted. The Homeland Security report points towards malicious software targeting individual computers.
Since Apple has been harmed even though Java is disabled in it, the disabling option seems not viable on other systems. Does that mean Google is vulnerable to hacking too? Can our beloved Chrome be a cause of worry for us? The answer lies in the methodology of the company.
The Chrome OS was built to be secure. A term “sandboxing” is pretty famous with those linked with Google. This feature disallows spreading of malicious links and malware. Many extensions are used in Chrome. Each extension can be a cause of hacking. However, here lies the interesting portion.
The principle of privilege separation is applied in Chrome. The extensions declare their intended privileges in the manifest. In case of a compromise, the attack is limited to the privilege assigned. This means a person hacking into your Gmail will not gain access into your bank account.
Achieving this requires extensions to be divided in to two pieces: background page & content scripts. While the background page is isolated from the web, the scripts can access it anytime. Both of these, however, are interlinked with each other.
So if you have a Google account or use any of its products, you do not need to worry much. Google has already done a lot to prevent hacking from outside sources. But, of course, it is our job to download material only from trusted links. Our alertness can prevent hackers from going deep into the website’s systems.