This week’s tech roundup focuses on Google products, and we start off with the remarkable gadget known as Chromebit. We then move on to the good news/bad news scenario of Android security and finish up with a little Easter Egg from the United States Congress.
Chromebook gets smaller
The Google ChromeBook is designed to be small. As a web browser-only laptop, these units are slim, light and relatively cheap, but for Google this is not enough. So now the company has packed the full power of the Chromebook into a device the size of a Chromecast, the video delivery device that looks like a slightly oversized thumb drive. The device, dubbed Chromebit, will be available later this year. For years, folks have put entire operating environments on thumb drives, but they had to attach to a real computer to work. The Chromebit in itself is a real computer and includes 16GB of storage (no big feat since a 256GB thumb drive is about $80 in the US), 2GB of RAM and a Rockship CPU – all for less than $100. Something to look forward to this summer! For the security conscious, this is good news. By being only a browser, not laden with a bunch of DLLs, Chromebooks are far less vulnerable than PCs. It might be far less functional, but it is far less vulnerable just the same. While malware has a tougher time against Chromebooks, the new Chromebit can be a field day for those looking to leak data. The trouble with such a tiny, but mighty gadget is that you can take all the data and the software you might need with you in your top pocket… and tiny enough to lose too.
Android security – good news
We all know unprotected PCs are as big a security risk as leaving keys in your car. Smartphones, while far safer, are still vulnerable to attack and malware, and can likewise spread the same. They can also be the source of data breaches. Recently, Google bragged about Android security, claiming that less than 1% of Androids were saddled with a malicious app last year. That’s pretty good for a system that is far more open, apps wise, than the iPhone. How does Google know? Well, of course, Google knows just about everything. In this case, the company used the built-in Verify Apps that checks installed apps for legitimacy. Apps are first scanned during install, and then later checked to make sure they are still secure.
Android security – the bad news
While less than 1% of Androids got a bad app last year, close to half of these same devices are actually vulnerable to a rogue app designed to swap itself in place of a legitimate app – then steal your username and password! The hole has a patch, but just over half of Android users have installed the fix. This is the very same scenario hackers use to go after Windows machines. Once a patch has been issued, the bad guys dissect the patch, and figure out how to attack the vulnerability. An attack is unleashed knowing that not all devices will be updated – and you wonder why patching is so important? So far, no exploits have been released, but with all the publicity, it is only a matter of time.
Acro backlash
We techies know all about acronyms (KAAA). There are even acronyms for things that don’t need acronyms. For instance, what Microsoft used to call beta software is now a community technology preview (CTP). There are so many acronyms that some have different meanings – commonly known as acronym overlap. The US Congress has also gone acronym crazy; only there’s a twist. Legislators are naming bills so the acronym spells out something interesting. An acronym with meaning – how’s that for a concept? One elected leader wants to put an end to this practice – and filed acronym-laded legislation to do so. In an obvious poke at his colleagues, Mike Honda, a Congressman from California, introduced the “Accountability and Congressional Responsibility on Naming Your Motions.” Yes, it spells ACRONYM. If passed, the act would stop legislators from naming bills just for the acronym. One example that really galled Honda? “The Pension And Social Security Measuring Equivalence Permanent Linking of Everyone’s Actual Savings Environment (PASS ME PLEASE) Act. Maybe Honda can now do something about acronym-overload in the IT space!
Get your free 30-day 
trial
Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.