Google Desktop vulnerability before the new attack
Just one day after security experts introduced the Google Toolbar vulnerability in Firefox, another similar vulnerability was found in Google Desktop.
Just one day after security experts introduced the Google Toolbar vulnerability in Firefox, another similar vulnerability was found in Google Desktop.
On Thursday, Google "attacker" Robert Hansen showed detailed evidence that attackers could use Google Desktop to launch software that was definitely installed on the victim's computer.
The attack is difficult to implement and not necessarily used to install unauthorized software on the victim computer, but it illustrates a security concern generated by background applications. Web platform, Hansen - Sectheory.com's web security advisor and collaborator of website Ha.kers.org - said.
' When relying on third-party companies to have code that affects your browser, it actually ruins the browser security model itself ,' he said.
Once this happens, an attacker can start the attack by changing the site where the victim computer enters. By navigating to a fake website with a new JavaScript code, the victim computer could be tricked into clicking on a dangerous connection.
The steps that Hansen has taken are very complicated by the security features Google has integrated into their software.
On Wednesday, graduate student Christopher Soghoian also released a man-in-the-middle attack that can be used to install malware on computers that use some add-on tools. popular of Firefox, including Googe, Yahoo and AOL toolbar.
Hansen posted an image of this attack used to launch Windows HyperTerminal. But it can also be used to launch any virtual applications that are actually installed on the computer.
This is not the first error of Google Desktop. In last February, Watchfire Corp.'s engineers. has also released a flaw in the program's Advanced Search Feature, which can be used to access data or even run unauthorized software on a victim's computer.
Two days after the Watchfire vulnerability was discovered, Hansen himself showed how attackers could steal information from Google Desktop users.
Google has not directly commented on recent errors.
Hong Ngan
- Google Desktop escapes beta life
- Is Google Desktop 2.0 really attractive?
- Attack on IE via Google Desktop Search
- Google upgrade Desktop Search
- Google Desktop loopholes and attacks
- Google patches 'deadly' for Desktop Search
- Should not use Google Desktop?
- The attack code is targeting the new IE vulnerability
- Google continues to conflict with Microsoft
- Detects the third vulnerability in Microsoft Excel
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system