another vulnerability in Google Desktop discovered

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

I’m not a fan of Google desktop, although I haven’t written about this in the past. To summarize, Google Desktop has been exploited a number of times with weaknesses that permit an attacker to discover the contents of a user’s desktop and run arbitrary code on the user’s machine. See a video of a Google Desktop hack here.

Another vulnerability has been discovered. On May 31, 2007, Google hacker Robert Hansen posted proof of concept details showing how attackers could use Google Desktop to launch software that had already been installed on the victim’s computer.

The attack is hard to pull off and could not necessarily be used to install unauthorized software on the victim’s PC, but it does illustrate the kind of security issues that arise with Web-based applications, said Hansen, the CEO of Web security consultancy Sectheory.com, and a contributor to the Ha.ckers.org site.

Link to full story here:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9022561&intsrc=hm_list

Disclaimer: my professional codes of ethics ((ISC)², ISACA, GIAC, InfraGard) forbid me from activities that give even the appearance of impropriety. Hence, I do not possess, and never have possessed, not downloaded, nor viewed, any tools that can be used to exploit weaknesses. I do not associate with those who do. I am 100% white hat.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s