Google Desktop security flaw is fixed
Tuesday’s Boston Globe is reporting that the Google Desktop was opened to cross-site scripting attacks, allowing an attacker to place malicious code on a Google Desktop user’s computer. The attack would have gone undetected by firewalls or antivirus software according to the article. A Google spokesman said the program gets automatically updated so users don’t have to take any steps to protect themselves.
http://www.boston.com/business/ticker/2007/02/google_security.html
Posted by Rich
February 21st, 2007 at 11:00 am
That’s a little odd. The article talks about cross-site scripting attacks as if they’re equivalent to viruses, whereas they’re usually the weakest and least dangerous form of exploit. Maybe this one’s different somehow? I wonder how it goes from cross-site scripting to full control of the owner’s machine..
- Chris.
February 21st, 2007 at 12:08 pm
Hi Chris
Watchfire Corp has a whitepaper out on the Google Desktop security flaw
http://download.watchfire.com/whitepapers/Overtaking-Google-Desktop.pdf
Hope this is helpful
June 23rd, 2007 at 1:54 am
It’s reassuring to know they fixed it eventually……..
Mark (sheds)