Google Seals Desktop XSS Hole
David Utter Staff Writer
2007-02-21
A vulnerability in the Google Desktop product could have exposed files on a machine running it to an external attacker.
Through a cross-site scripting attack, Google Desktop could have become a gateway to a PC user's files. If those files contained personal information, identity theft could have been the result.
An attacker would have had to get the user to visit a URL where the flaw could be exploited. According to the Watchfire security firm, Google Desktop could have been victimized by a malicious email.
Once compromised, the software could be used to search the targeted system, with the potential for an attacker to take full control of it. An AP report about the flaw said Google fixed it by the beginning of February.
Since Google Desktop receives updates automatically, its users will have this fix in place without requiring additional action on their part. The need for this kind of fix, and the potential privacy issues that could have taken place, weren't exactly unforeseen.
The Electronic Frontier Foundation has had concerns about Google Desktop virtually since its inception. Those concerns escalated when version 3 of the software, with its 'Search Across Computers' feature, hit the Internet in February 2006.
EFF attorney Kevin Bankston painted a grim scenario at that time:
"If you use the Search Across Computers feature and don't configure Google Desktop very carefully - and most people won't - Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index.
The government could then demand these personal files with only a subpoena rather than the search warrant it would need to seize the same things from your home or business, and in many cases you wouldn't even be notified in time to challenge it. Other litigants - your spouse, your business partners or rivals, whoever - could also try to cut out the middleman (you) and subpoena Google for your files."
A Google spokesperson told AP that the company has bolstered Desktop's security to prevent cross-site scripting attacks from affecting the software.
---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.