Skip to main content

Man in the middle attack threatens Google Desktop

posted onJune 5, 2007
by hitbsecnews

A clever hacker has discovered a vulnerability in Google Desktop, exploiting a man-in-the-middle attack that could lead to someone becoming unknowingly compromised. It is a somewhat complicated attack and would require that the attacking person would have access to your local network or some other way of accessing data being transmitted between you and Google's servers:

With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop.

Regardless of its difficulty, it brings out a good point in that the more integration between a desktop and a remote server, the higher the chance of something going wrong, especially with unencrypted data. That's not what companies like Google and Microsoft want to hear, who are pushing for web applications and even remote work environments as a next step in desktop and office computing.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, October 22nd

Sunday, October 13th

Wednesday, October 9th

Tuesday, October 8th

Monday, October 7th

Friday, October 4th

Wednesday, October 2nd

Thursday, September 26th

Wednesday, September 25th

Tuesday, September 24th