The HiWired Blog

« Phishing for your dough | Main | HiWired ain't afraid of no Whoop »

February 25, 2007

Google desktop vulnerable

Slashdot reports a vulnerability in Google Desktop:

Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS pinning that could give an attacker access to any data indexed by Google Desktop, security researchers said this week.

Apparently this is a function of the code itself:

The troubling thing about the attack Hanson identified, which he calls anti-anti-anti-DNS pinning, is that there is very little that can be done to avoid it short of eliminating cross-site scripting vulnerabilities on the Web.

"This is really just fundamentally about how browsers work," he said. "If you allow a Web site to have access to your drive -- to modify, to change things, to integrate, or whatever -- you're relying on that Web site to be secure."

Hansen and Grossman say that Google is not the only company vulnerable to a growing category of Web-based attacks. For instance, MySpace.com was hit when a fast-moving worm spread through the MySpace community in early December, stealing MySpace log-in credentials and promoting adware Web sites.

So I guess we would have to call it a "feature".

Posted by Peter at February 25, 2007 07:10 PM

Comments

© 2007 HiWired Inc. All rights reserved.

The information in this blog is provided “AS IS” with no warranties, and confers no rights. This blog does not represent the thoughts, intentions, plans or strategies of our employer (HiWired, Inc.). It is solely, the bloggers’ personal opinions. Inappropriate comments will be deleted at the authors discretion. All technical solutions are provided “AS IS” without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.