New Google Desktop Exploit Discovered

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • greentea
    Confirmed User
    • Mar 2002
    • 6580

    #1

    New Google Desktop Exploit Discovered

    Another vulnerability in the Google Desktop search application has been discovered, similar but seperate to the ones discovered by Jim Ley and Netcraft. The discovery was made by Salvatore Aranzulla, an Italian journalist. The flaw allows attackers to target users of the Google Desktop application and modify the contents of search pages by injecting scripts located on external servers. Such cross site scripting attacks provide attackers with a means of obtaining information under the guise of a reputable domain.

    Aranzulla has published details about the new vulnerability on his web site, where he includes some example exploits (Italian). He claims that inexperienced users may be susceptible to phishing attacks like these, while more experienced users may become suspicious due to the long URLs that are typically involved in exploiting cross site scripting vulnerabilities.

    It is not clear whether Aranzulla notified Google before making his discovery public. As we previously reported, Jim Ley experienced difficulties when he tried to notify Google about a similar exploit he discovered more than two years ago. Conversely, a different vulnerability discovered by Netcraft last week, was closed within two days of being reported to Google.




    http://mirabilweb.altervista.org/pag...ina=google_bug
    blunts
  • marzzo
    Confirmed User
    • May 2002
    • 2134

    #2


    Important topic - bump.

    4 5 zero - 2 2 - nine nine nine

    Comment

    • AndrewKanuck
      Confirmed User
      • Jan 2004
      • 6706

      #3
      Google desktop search stays off my desktop - easy solution

      Comment

      • reynold
        Too lazy to set a custom title
        • Oct 2002
        • 51271

        #4
        of course there has to be some catch!

        Comment

        • HammerTime33
          Confirmed User
          • Sep 2004
          • 498

          #5
          Exploit Discovered? I discovered it when it was mearly an idea, I mean come on WHAT A BAD IDEA !!

          You simpoly wont see that shit here, hell I am just getting the nerve up to trust microsucks and SP2.

          Comment

          • Vitasoy
            GFY HALL OF FAME DAMMIT!!!
            • Oct 2003
            • 58202

            #6
            People who install it, is asking for it


            [email protected]

            Comment

            • hagbard
              Confirmed User
              • Jul 2004
              • 309

              #7
              Installed it. Love it. I limit what it spiders and I believe that its going to be both secure and the best search solution until the new FS comes out from MS in who knows how long (SQL based indexing) I found an email that outlook usually takes 1 minute to find in less than a second. I'm happy. Every OS and most apps have holes. everyone who posted a "i'm staying away" or "born to fail" post has at least one app that is just as bad. guaranteed.

              Comment

              Working...