|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
10-27-2004, 10:55 AM
|
#1 |
|
Confirmed User
Join Date: Mar 2002
Location: South Florida
Posts: 6,580
|
New Google Desktop Exploit Discovered
Another vulnerability in the Google Desktop search application has been discovered, similar but seperate to the ones discovered by Jim Ley and Netcraft. The discovery was made by Salvatore Aranzulla, an Italian journalist. The flaw allows attackers to target users of the Google Desktop application and modify the contents of search pages by injecting scripts located on external servers. Such cross site scripting attacks provide attackers with a means of obtaining information under the guise of a reputable domain.
Aranzulla has published details about the new vulnerability on his web site, where he includes some example exploits (Italian). He claims that inexperienced users may be susceptible to phishing attacks like these, while more experienced users may become suspicious due to the long URLs that are typically involved in exploiting cross site scripting vulnerabilities. It is not clear whether Aranzulla notified Google before making his discovery public. As we previously reported, Jim Ley experienced difficulties when he tried to notify Google about a similar exploit he discovered more than two years ago. Conversely, a different vulnerability discovered by Netcraft last week, was closed within two days of being reported to Google. http://mirabilweb.altervista.org/pag...ina=google_bug
__________________
blunts |
|
|
|
10-27-2004, 08:14 PM
|
#2 |
|
Confirmed User
Industry Role:
Join Date: May 2002
Posts: 2,134
|
 Important topic - bump.  |
|
|
|
|
10-27-2004, 08:15 PM
|
#3 |
|
Confirmed User
Join Date: Jan 2004
Location: Cleveland & Atlanta
Posts: 6,706
|
Google desktop search stays off my desktop - easy solution
__________________
|
|
|
|
|
10-27-2004, 09:30 PM
|
#4 |
|
Too lazy to set a custom title
Join Date: Oct 2002
Location: Global Traveler
Posts: 51,271
|
of course there has to be some catch!
 |
|
|
|
|
10-27-2004, 09:33 PM
|
#5 |
|
Confirmed User
Join Date: Sep 2004
Location: Coastal NC
Posts: 498
|
Exploit Discovered? I discovered it when it was mearly an idea, I mean come on WHAT A BAD IDEA !!
You simpoly wont see that shit here, hell I am just getting the nerve up to trust microsucks and SP2. |
|
|
|
|
10-27-2004, 10:00 PM
|
#6 |
|
GFY HALL OF FAME DAMMIT!!!
Join Date: Oct 2003
Posts: 58,202
|
People who install it, is asking for it
|
|
|
|
|
10-27-2004, 11:09 PM
|
#7 |
|
Confirmed User
Join Date: Jul 2004
Posts: 309
|
Installed it. Love it. I limit what it spiders and I believe that its going to be both secure and the best search solution until the new FS comes out from MS in who knows how long (SQL based indexing) I found an email that outlook usually takes 1 minute to find in less than a second. I'm happy. Every OS and most apps have holes. everyone who posted a "i'm staying away" or "born to fail" post has at least one app that is just as bad. guaranteed.
|
|
|
|
