another vulnerability in Google Desktop discovered

Submit: Add to your Digg This Slashdot GotNews StumbledUpon Reddit

I’m not a fan of Google desktop, although I haven’t written about this in the past. To summarize, Google Desktop has been exploited a number of times with weaknesses that permit an attacker to discover the contents of a user’s desktop and run arbitrary code on the user’s machine. See a video of a Google Desktop hack here.

Another vulnerability has been discovered. On May 31, 2007, Google hacker Robert Hansen posted proof of concept details showing how attackers could use Google Desktop to launch software that had already been installed on the victim’s computer.

The attack is hard to pull off and could not necessarily be used to install unauthorized software on the victim’s PC, but it does illustrate the kind of security issues that arise with Web-based applications, said Hansen, the CEO of Web security consultancy, and a contributor to the site.

Link to full story here:

Disclaimer: my professional codes of ethics ((ISC)², ISACA, GIAC, InfraGard) forbid me from activities that give even the appearance of impropriety. Hence, I do not possess, and never have possessed, not downloaded, nor viewed, any tools that can be used to exploit weaknesses. I do not associate with those who do. I am 100% white hat.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s