Man in the middle attack threatens Google Desktop

posted onJune 5, 2007
by hitbsecnews

A clever hacker has discovered a vulnerability in Google Desktop, exploiting a man-in-the-middle attack that could lead to someone becoming unknowingly compromised. It is a somewhat complicated attack and would require that the attacking person would have access to your local network or some other way of accessing data being transmitted between you and Google's servers:

With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop.

Regardless of its difficulty, it brings out a good point in that the more integration between a desktop and a remote server, the higher the chance of something going wrong, especially with unencrypted data. That's not what companies like Google and Microsoft want to hear, who are pushing for web applications and even remote work environments as a next step in desktop and office computing.

Source

Tags

Security

You May Also Like

Other Articles In This Section

Recent News

Tuesday, October 22nd

Malware hides as iOS jailbreak, Sucuri is insecuri, and China is about to get even worse
Google says a fix for Pixel 4 face unlock is “months” away
Apple releases new version of macOS Catalina Supplemental Update
Hackers steal secret crypto keys for NordVPN. Here’s what we know so far
Inside Apple’s High-Flying Bid to Become a Streaming Giant
HITB+CyberWeek 2019 concludes with PROCTF showdown in Abu Dhabi

Sunday, October 13th

Cyber Battle of the Emirates & Pro Capture the Flag Enthrall as HITB+Cyberweek Gets Underway in Abu Dhabi

Wednesday, October 9th

Huawei hits record 5G speed of 3.67Gbps on live Swiss C-Band network
Sony confirms the PlayStation 5 is coming in 2020, reveals new hardware details
FBI misused surveillance data, spied on its own, FISA ruling finds

Tuesday, October 8th

Hackers Patch Web Browsers to Track Encrypted Traffic
AIG says its cyber insurance plans don't cover criminal acts; wants lawsuit tossed
October 2019 security patch now rolling out for Galaxy S10, Note 10
Mariposa Botnet Author, Darkcode Crime Forum Admin Arrested in Germany
Exclusive: A Deeper Look at the PlayStation 5
How to make your own bootable macOS 10.15 Catalina USB install drive
macOS 10.15 Catalina: The Ars Technica review

Monday, October 7th

FBI warns about attacks that bypass multi-factor authentication (MFA)

Friday, October 4th

Microsoft: MFA bypass attacks are so rare we don't have good statistics on them
Tim Cook throws shade at Facebook's Libra cryptocurrency
Major VOIP Security Flaws Discovered in Android
The Internet’s Horrifying Way to Get Google Apps on Huawei Phones
The Same Old Encryption Debate Has a New Target: Facebook
US wants Facebook to backdoor WhatsApp and halt encryption plans
Attackers exploit 0day vulnerability that gives full control of Android phones

Wednesday, October 2nd

The Standoff: Attackers and defenders to face off in digital metropolis security challenge

Thursday, September 26th

Witness the ultimate ‘Hackable City’ come to Life during the Standoff at HITB+ CyberWeek

Wednesday, September 25th

Positive Technologies Brings ‘Hackable City’ to Life in The Standoff Cyberbattle at HITB+ CyberWeek

Tuesday, September 24th

World’s top 25 CTF teams to battle for $100,000 at HITB PRO CTF
Facebook's Latest Purchase Gets Inside Users' Heads—Literally
Malindo Air identifies employees of e-commerce contractor behind data breach
Microsoft releases out-of-band security update to fix IE zero-day & Defender bug
Apple's iOS 13 iPhone software brings bugs and leaves phone vulnerable to hackers
After a five-month delay, the $2,000 Galaxy Fold arrives in the US on Friday
iPhone 11 review - the iPhone Apple is trying to sell to everybody

#HITBGSEC 2018 Play all

#HITB2019AMS PRECONF PREVIEW - The End Is The Beginning Is The End: Ten Years In The NL Box
#HITB2019AMS PRECONF PREVIEW - The End Is The Beginning Is The End: Ten Years In The NL Box
#HITB2019AMS PRECONF PREVIEW - The Beginning of the End? A Return to the Abyss for a Quick Look
#HITB2019AMS PRECONF PREVIEW - The Beginning of the End? A Return to the Abyss for a Quick Look
#HITB2019AMS KEYNOTE: The End Is The Beginning Is The End: Ten Years In The NL Box - D. Kannabhiran
#HITB2019AMS KEYNOTE: The End Is The Beginning Is The End: Ten Years In The NL Box - D. Kannabhiran
#HITB2019AMS D1T1 - Make ARM Shellcode Great Again - Saumil Shah
#HITB2019AMS D1T1 - Make ARM Shellcode Great Again - Saumil Shah
#HITB2019AMS D1T2 - Hourglass Fuzz: A Quick Bug Hunting Method - M. Li, T. Han, L. Jiang and L. Wu
#HITB2019AMS D1T2 - Hourglass Fuzz: A Quick Bug Hunting Method - M. Li, T. Han, L. Jiang and L. Wu
#HITB2019AMS D1T1 - TOCTOU Attacks Against Secure Boot And BootGuard - Trammell Hudson & Peter Bosch
#HITB2019AMS D1T1 - TOCTOU Attacks Against Secure Boot And BootGuard - Trammell Hudson & Peter Bosch
#HITB2019AMS D1T2 - Hidden Agendas: Bypassing GSMA Recommendations On SS7 Networks - Kirill Puzankov
#HITB2019AMS D1T2 - Hidden Agendas: Bypassing GSMA Recommendations On SS7 Networks - Kirill Puzankov
#HITB2019AMS D1T1 - Finding Vulnerabilities In iOS/MacOS Networking Code - Kevin Backhouse
#HITB2019AMS D1T1 - Finding Vulnerabilities In iOS/MacOS Networking Code - Kevin Backhouse
#HITB2019AMS D1T2 - fn_fuzzy: Fast Multiple Binary Diffing Triage With IDA - Takahiro Haruyama
#HITB2019AMS D1T2 - fn_fuzzy: Fast Multiple Binary Diffing Triage With IDA - Takahiro Haruyama
#HITB2019AMS D1T3 - How To Dump, Parse, And Analyze i.MX Flash Memory Chips - Damien Cauquil
#HITB2019AMS D1T3 - How To Dump, Parse, And Analyze i.MX Flash Memory Chips - Damien Cauquil

#HITBGSEC 2018 CommSec Play all

#HITBHaxpo D1 - Hacking The 0day Market - Andrea Zapparoli Manzoni
#HITBHaxpo D1 - Hacking The 0day Market - Andrea Zapparoli Manzoni
#HITBHaxpo D1 - WiCy: Monitoring 802.11AC Networks At Scale - Vivek Ramachandran
#HITBHaxpo D1 - WiCy: Monitoring 802.11AC Networks At Scale - Vivek Ramachandran
#HITBHaxpo D1 - Hacking LTE Public Warning Systems - Weiguang Li
#HITBHaxpo D1 - Hacking LTE Public Warning Systems - Weiguang Li
#HITBHaxpo D1 - V1 Bounty: Building A Coordinated Bug Disclosure Bridge For The EU - Benjamin Kunz
#HITBHaxpo D1 - V1 Bounty: Building A Coordinated Bug Disclosure Bridge For The EU - Benjamin Kunz
#HITBHaxpo D1 - Social Networks: Can We Fix Them? - Joel Hernandez
#HITBHaxpo D1 - Social Networks: Can We Fix Them? - Joel Hernandez
#HITBHaxpo D2 - Rise Of The WarPi - Kevin McPeake
#HITBHaxpo D2 - Rise Of The WarPi - Kevin McPeake
#HITBHaxpo D2 - Attacking Encrypted VOIP Protocols - Ivica Stipovic
#HITBHaxpo D2 - Attacking Encrypted VOIP Protocols - Ivica Stipovic
#HITBHaxpo D2 - PatrOwl - The Red Flavour Of SOC Automation And Orchestration - Nicolas Mattiocco
#HITBHaxpo D2 - PatrOwl - The Red Flavour Of SOC Automation And Orchestration - Nicolas Mattiocco
#HITBHaxpo D2 - Secure And Scalable Anomaly-Based Network Intrusion Detection - Philipp Mieden
#HITBHaxpo D2 - Secure And Scalable Anomaly-Based Network Intrusion Detection - Philipp Mieden
#HITBHaxpo D2 - Demystifying IoT/OT Hacks With SDR - Harshit Agrawal & Himanshu Mehta
#HITBHaxpo D2 - Demystifying IoT/OT Hacks With SDR - Harshit Agrawal & Himanshu Mehta

#HITB2018AMS Play all

#HITBGSEC COMMSEC: Exploiting Zoom On MacOS - Michael Gianarakis and Sean Yeoh
#HITBGSEC COMMSEC: Exploiting Zoom On MacOS - Michael Gianarakis and Sean Yeoh
#HITBGSEC COMMSEC: Activities Of The Tick Cyber Espionage Group Over The Last 10 Years - Cha Minseok
#HITBGSEC COMMSEC: Activities Of The Tick Cyber Espionage Group Over The Last 10 Years - Cha Minseok
#HITBGSEC COMMSEC: Underrated Security Bugs - Eldar "Wireghoul" Marcussen
#HITBGSEC COMMSEC: Underrated Security Bugs - Eldar "Wireghoul" Marcussen
#HITBGSEC COMMSEC: Car Hacking Made "Easel" - Alina Tan, Chun Yong, Tan Pei Si and Solomon Tan
#HITBGSEC COMMSEC: Car Hacking Made "Easel" - Alina Tan, Chun Yong, Tan Pei Si and Solomon Tan
#HITBGSEC COMMSEC: Hacking Object Detectors Is Just Like Training Neural Networks - Jay Xiong
#HITBGSEC COMMSEC: Hacking Object Detectors Is Just Like Training Neural Networks - Jay Xiong
#HITBGSEC COMMSEC BONUS: Security Should Be Smarter Not Harder - Katie Moussouris
#HITBGSEC COMMSEC BONUS: Security Should Be Smarter Not Harder - Katie Moussouris
#HITBGSEC COMMSEC: How To Detect Fake Faces (Manipulated Images) Using CNNs - Jay Xiong
#HITBGSEC COMMSEC: How To Detect Fake Faces (Manipulated Images) Using CNNs - Jay Xiong
#HITBGSEC COMMSEC: Tracking Fake News Based On Deep Learning - Zonghou Lv,Tao Wei and Dou Goodman
#HITBGSEC COMMSEC: Tracking Fake News Based On Deep Learning - Zonghou Lv,Tao Wei and Dou Goodman
#HITBGSEC COMMSEC: Perfidious: Make PE Backdooring Great Again! - Shreyans Doshi
#HITBGSEC COMMSEC: Perfidious: Make PE Backdooring Great Again! - Shreyans Doshi
#HITBGSEC COMMSEC: DFEx - DNS File Exfiltration - Emilio Couto
#HITBGSEC COMMSEC: DFEx - DNS File Exfiltration - Emilio Couto

#HITB2018AMS CommSec Play all

#HITB2018AMS CommSec D1 - The Life & Death of Kernel Object Abuse - Salf ElSherei & Ian Kronquist
#HITB2018AMS CommSec D1 - The Life & Death of Kernel Object Abuse - Salf ElSherei & Ian Kronquist
#HITB2018AMS CommSec D1 - Steganography Ante Portas - Steffen Wendzel
#HITB2018AMS CommSec D1 - Steganography Ante Portas - Steffen Wendzel
#HITB2018AMS CommSec D1 - Behaviors and Patterns of Rogue Hosting Providers - D. Mahjoub & S. Brown
#HITB2018AMS CommSec D1 - Behaviors and Patterns of Rogue Hosting Providers - D. Mahjoub & S. Brown
#HITB2018AMS CommSec D1 - An Isolated Data Center Security Policy Model Using SmartNICs - Ofir Arkin
#HITB2018AMS CommSec D1 - An Isolated Data Center Security Policy Model Using SmartNICs - Ofir Arkin
#HITB2018AMS CommSec D1 - Keynterceptor: Press Any Key to Continue - Niels van Dijkhuizen
#HITB2018AMS CommSec D1 - Keynterceptor: Press Any Key to Continue - Niels van Dijkhuizen
#HITB2018AMS CommSec D1 - How to Find and Exploit Bugs in IoT Devices - Kelvin Wong
#HITB2018AMS CommSec D1 - How to Find and Exploit Bugs in IoT Devices - Kelvin Wong
#HITB2018AMS CommSec D1 - Faster, Wider, Greater: Modern Pentest Tricks - Thomas Debize
#HITB2018AMS CommSec D1 - Faster, Wider, Greater: Modern Pentest Tricks - Thomas Debize
#HITB2018AMS CommSec D1 - A Deep Dive Into Malicious Documents - Josh Stroschein
#HITB2018AMS CommSec D1 - A Deep Dive Into Malicious Documents - Josh Stroschein
#HITB2018AMS CommSec D1 - Attacking IoT Speakers - Stephen Hilt
#HITB2018AMS CommSec D1 - Attacking IoT Speakers - Stephen Hilt
#HITB2018AMS CommSec D2 - Hiding Tasks via Hardware Task Switching - Kyeong Joo Jung
#HITB2018AMS CommSec D2 - Hiding Tasks via Hardware Task Switching - Kyeong Joo Jung