Zero Day Hole In Google Desktop 113
40by40 writes "A Web application security specialist has figured out a way to launch man-in-the-middle attacks against a computer with a fully patched Google Desktop installed. With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), hacker Robert Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop. From the article: 'This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executables on their site, it can be subverted by an attacker," Hansen warns. Hansen's advisory comes just days after a Chris Soghoian's exposé of a similar man-in-the-middle attack scenario against a remote vulnerability in the upgrade mechanism used by a number of commercial Firefox extensions.'"
Re:Google operating system? (Score:4, Funny)
Re:Google operating system? (Score:4, Funny)
GOoogle Operating System Environment
Gotta teach those penguins a lesson sometime...
Re:pwnt! (Score:3, Funny)
What?
Re:Google operating system? (Score:5, Funny)
You need to change this to read: "feed a cat". Google will feed your cat up until the index change after which it will start feeding another cat. To be grammatically precise: "a cat" will be fed. There is just no guarantee that it will be "the cat."
Re:Google operating system? (Score:5, Funny)