Okay, maybe not a PR gold star for Google this week after all...
It does not appear that anyone actually took advantage of the vulnerabilities and made attacks on Google Desktop users, both Watchfire and Google said.
However, Google Desktop is still vulnerable to these cross-site scripting attacks, Allan said, because of the "poor architectural decision" to include a link from Google Web servers to the Google Desktop user's PC.
"The three vulnerabilities were fixed. We also recommended to Google that if there was not a link between Google.com and my machine, then (the hacker) would not be able to connect to my computer. We believe they should remove that link or give consumers a choice as to whether someone can connect from the public Internet to their computer," Allan said.