2.21.07 Google Desktop 'extremely' vulnerable to attackers
By Richard Koman - February 21, 2007
Google recently fixed a very severe security risk in Google Desktop - which left users' PCs vulnerable to cross-site scripting attacks, in which hackers can place malicious software on users' computers, AP reports. The problem was reported by Watchfire Jan. 4 and reported as fixed by Google Feb. 1.
The attacker uses JavaScript code to control Google Desktop functionality, Watchfire said in a press release.
While evading current information protection systems, such as anti-virus software and firewalls allowing the attacker to covertly hijack sensitive local information. (For example: Office documents, Media files, emails, in many cases, even deleted emails, chat sessions and files could be accessed.)
Although this vulnerability has been patched, Google Desktop's integration between Web and desktop is a malicious attacker's dream application.
"Application security vulnerabilities need to be taken seriously. As the potential damage of a Cross Site Scripting attack against a desktop application with a Web interface is enormous, Web application security must be comprehensively evaluated and continually monitored," said Michael Weider, founder and CTO, Watchfire. "Industry leaders like Google continue to make strides in security but due to the dynamic nature of applications vulnerabilities can surface."
A Google spokesperson emailed the AP that Google has "taken many steps to protect our users and mitigate such attacks. We've added an additional layer of security checks to prevent the types of attacks pointed out by Watchfire and future possible attacks through this vector as well."
« 2.21.07 Mercury execs used 'magic backdating ink,' suit claims | Main | Innovation inflation - innovation is everywhere, even on business cards »
Posted to NewsWatch
February 21, 2007 | Permalink | Comment | Subscribe to SVW
- Top Stories:
- Silicon Valley Goes To Paris... Le Web '09
- Turkey's Search Engine And The Backlash Against The Internet's 'Wal-Marts'
- A Saturday Post: Media In Crisis: I'm Thankful For Being Here Right Now...
- Guest Post: Social Media Marketing is Swiss Cheese
- A Single Search Index Would Speed Up The Entire Internet - A Zero Carbon Speed Boost
- The Dark Matter Of Internet Commerce - A Towering Pile of Scams - $1.4Bn And Counting...
- Groovy: Real-Time Data Could Aid Media Companies
- Tech Awards For Humanity: "Cash Prizes" Galore And Al Gore's Meaningless Speech . . . And Amazing Laureates!
- The Death Of The Search Algorithm? Techmeme Has Six Editors
- TEDxSF - Little TED Just Like The Big TED
- What's Next? Beyond Real-Time...
- PearlTrees: A Novel Approach To Human Mapping Of The Internet
