I’m not a fan of Google desktop, although I haven’t written about this in the past. To summarize, Google Desktop has been exploited a number of times with weaknesses that permit an attacker to discover the contents of a user’s desktop and run arbitrary code on the user’s machine. See a video of a Google Desktop hack here.
Another vulnerability has been discovered. On May 31, 2007, Google hacker Robert Hansen posted proof of concept details showing how attackers could use Google Desktop to launch software that had already been installed on the victim’s computer.
The attack is hard to pull off and could not necessarily be used to install unauthorized software on the victim’s PC, but it does illustrate the kind of security issues that arise with Web-based applications, said Hansen, the CEO of Web security consultancy Sectheory.com, and a contributor to the Ha.ckers.org site.
Link to full story here:
Disclaimer: my professional codes of ethics ((ISC)², ISACA, GIAC, InfraGard) forbid me from activities that give even the appearance of impropriety. Hence, I do not possess, and never have possessed, not downloaded, nor viewed, any tools that can be used to exploit weaknesses. I do not associate with those who do. I am 100% white hat.