Via Ha.ckers.org -
Well fast on the heels of the Firefox plugin MITM vulnerabilities I’ve been working on some other stuff that I think is interesting and of the same genre. This time I came up with a MITM exploit against Google Desktop that would allow an attacker to trick a user into running any program they have installed and that was indexed by Google Desktop. Nasty. I have a pretty thorough writup and a sample video (please read the text before you launch the video or it won’t make much sense).
Using something like Airpwn an attacker can sit in a wireless hotspot and wait for someone who has Google desktop installed (since we can detect for that) and run the exploit against them. It could be done as a prank or something malicious. The point being these types of deep integration between the web and client side applications is really dangerous and breaks the security models put in place by the browsers.
--------------------------------------
I have never liked Google Desktop. It has had problems in the past and it will have more in the future. I personally see it has a unnecessary security risk.
No comments:
Post a Comment