Wednesday, August 13, 2008

Google Gadgets an Open Door for Attack - CIO.com - Business Technology Leadership

Hmm...

Google Gadget lovers were dealt a blow on Wednesday when two researchers outlined what they called a "hole" during a Black Hat presentation.

"The attacker can forcibly install Google Gadgets; they can read the victim's search history once a malicious gadget has been installed in some specific circumstances; they can attack other Google Gadgets; they can phish usernames and passwords from victims, and so on," said Robert Hansen, also known as RSnake, a founder of security consultancy SecTheory. "Really, the sky is the limit, once the browser is under the control of an attacker. And that point is exacerbated by the fact that people trust Google be a trustworthy domain, making the attacks even easier."

Google Gadgets an Open Door for Attack - CIO.com - Business Technology Leadership

No comments: