Zero Day Hole In Google Desktop

Zero Day Hole In Google Desktop 113

Posted by Zonk on Friday June 01, 2007 @05:47PM from the please-stop-the-internet-from-leaking dept.

40by40 writes "A Web application security specialist has figured out a way to launch man-in-the-middle attacks against a computer with a fully patched Google Desktop installed. With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), hacker Robert Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop. From the article: 'This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executables on their site, it can be subverted by an attacker," Hansen warns. Hansen's advisory comes just days after a Chris Soghoian's exposé of a similar man-in-the-middle attack scenario against a remote vulnerability in the upgrade mechanism used by a number of commercial Firefox extensions.'"

Zero Day Hole In Google Desktop

This discussion has been archived. No new comments can be posted.

Search 113 Comments Log In/Create an Account

Comments Filter:

Re:Google operating system? (Score:4, Funny)

by ajanp ( 1083247 ) writes: on Friday June 01, 2007 @05:55PM (#19358313)

I can see it now... A future where mankind lives in a free and secure society where we all live together in bliss running our favorite open-source customized version of the iGOOGLE operating system that checks our mail, orders our groceries, and feeds the cat without any human interaction.

Re:Google operating system? (Score:4, Funny)

by Anonymous Coward writes: on Friday June 01, 2007 @06:01PM (#19358387)

GoOSE:
GOoogle Operating System Environment

Gotta teach those penguins a lesson sometime...

Re:pwnt! (Score:3, Funny)

by chris_mahan ( 256577 ) writes: <chris.mahan@gmail.com> on Friday June 01, 2007 @06:06PM (#19358431) Homepage

It doesn't matter. Google desktop does not run on Ubuntu...

What?

Re:Google operating system? (Score:5, Funny)

by yintercept ( 517362 ) writes: on Friday June 01, 2007 @06:18PM (#19358565) Homepage Journal

"... and feeds the cat ..."

You need to change this to read: "feed a cat". Google will feed your cat up until the index change after which it will start feeding another cat. To be grammatically precise: "a cat" will be fed. There is just no guarantee that it will be "the cat."

Re:Google operating system? (Score:5, Funny)

by Anonymous Coward writes: on Friday June 01, 2007 @06:39PM (#19358769)

Google Operating And Time Sharing Environment.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Zero Day Hole In Google Desktop 113

Zero Day Hole In Google Desktop More Login

Zero Day Hole In Google Desktop

Re:Google operating system? (Score:4, Funny)

Re:Google operating system? (Score:4, Funny)

Re:pwnt! (Score:3, Funny)

Re:Google operating system? (Score:5, Funny)

Re:Google operating system? (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot