Hackers Exploit Widget Security Holes

New attacks that exploit widgets and gadgets are imminent, according to the latest Web Security Trends Report from Finjan. Finjan's Malicious Code Research Centre has studied changing trends in attacks used by hackers to gain information or control of a user's PC and predicts that the increasing use of widgets is exposing computer users to a whole host of attacks. All types of widget environments, including operating systems, third-party applications, and web widgets, have inadequate security models that could allow malicious widgets to run.

The Finjan research suggests that attacks that exploit the insecurities of widgets are imminent, and that a revised security model should be explored to protect users. "As widgets become common in most modern computing environments their significance from a security standpoint rises," said Yuval Ben-Itzhak, chief technology officer at Finjan. "Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and should be developed with security in mind. This attack vector could have a major impact on the industry, exposing corporations to new security considerations that need to be dealt with."

View: Full Story on vnunet.com
View: Web Security Trends Report on Finjan Info Center

Report a problem with article
Previous Story

EU Searches for Galileo Funding Source

Next Story

AMD announces three-core desktop CPU

10 Comments

Commenting is disabled on this article.

predicts that the increasing use of widgets is exposing computer

People predicting obvious stuff. Well, whats next? They will predict a new IE7 exploit?

In other news:
Homes Burgled

The results of a study conducted by researchers at the University of Bloody Obvious suggest that homes with no doors and windows may be more susceptible to burglary. Attackers may gain control of the family remote controls, exposing the family to a vast array of unauthorised TV channel switches.

"These results are beyond speculative", explained Dr. Grant Funded, lead researcher in this ambitious study. "Builders and architects need to factor these findings into all future buildings", he added before beginning his next research project, to discover if night really does follow day.

homes with no doors and windows

Errm, how do the owners get in and out? Sounds like a sealed box to me. Alternatively, it's the Old Woman's housing style == shoe

mrbester said,

Errm, how do the owners get in and out? Sounds like a sealed box to me. Alternatively, it's the Old Woman's housing style == shoe
You must be confusing a door with a door-hole. Similar with windows. When you purchase a window, you actually do get just a window you know, not a bloody hole to put the window into.

These viruses would require user consent to run. So why not just throw an executable at the user instead of using javascript APIs? Perhaps you'll to get by anti-virus software, but that won't last very long.

dandin1 said,
These viruses would require user consent to run. So why not just throw an executable at the user instead of using javascript APIs? Perhaps you'll to get by anti-virus software, but that won't last very long.

Because most people dont suspect a widget could do any harm to their computer. Personally this is why I dont use widgets, + there practically useless, just a bunch of eye candy.

I find my widgets on my sidebar quite usefull, and I can easily hide them when I want the full screen.


also Vista Gadget install warns you about gadget installs, and I only installs gadgets form safe sources.

newS: installing unknown application is a security risk....


anything you install on the computer f you don't trust the publisher is a security risk.

WOW YOU ARE A SUPER GENIUS!

Hey everyone, this guy just pointed out that the unknown can potentially be dangerous -- holy cow I think we have a nobel prize winner...

Uh yeah so what's your point? We shouldn't try to secure things because hey, it's a scary world out there?
There's always gotta be like 20 people like you with some totally useless obvious response like this, seriously if you can explain the point of your post, more power to you, but I think you're an idiot.