Google Desktop flaw discovered that leaves computers vulnerable to attack online. Robert Hansen, a consultant at Sectheory.com and a contributor to Ha.ckers.org, has published information that shows how it is possible to exploit the flaw to, among other things, access software in the victims’ equipment.
In statements to Computerworld, the expert stresses that the attacks are not easy to carry out. However, they show the security gaps associated with applications web-based, says the consultant.
Hansen explains that when there are systems designed by third parties to interact with browsers the security barriers of the application are inadvertently broken.
To be successful, a hacker would have to start an attack «man-in-the-middle«by placing itself between the victim’s servers and Google’s. After this process, the attacker could modify the websites «sent» to the target computers. When sending changed pages, as a result of a search, attackers can place links malicious.
Robert Hansen explains that «by clicking on a link users are not accessing a link on the page, but a link to Google Desktop that runs a certain code «.
Similar flaws were detected this week in the Google, Yahoo and AOL toolbars. Google Desktop has also been the target of other flaws that allowed malicious code to run. The most recent episode occurred in February of this year.
Related News:
2007-04-30 – Google Desktop 5 updated with support for 29 languages
2007-04-04 – Google Desktop for Mac available from today
