Google's PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS pinning that could give an attacker access to any data indexed by Google Desktop, security researchers said this week. This is the second security problem reported this week for the software. On Wednesday, researchers at Watchfire said they'd found a flaw that could allow attackers to read files or run unauthorized software on systems running Google Desktop. As with Watchfire's bug, attackers would first need to exploit a cross-site scripting flaw in the Google.com Web site for this latest attack to work, but the consequences could be serious, according to Robert Hansen, the independent security researcher who first reported the attack. "All of the data on a Google desktop can now be siphoned off to an attacker's machine," he said.
Cross-site scripting flaws are common Web server vulnerabilities that can be exploited to run unauthorized code within the victim's browser. Hansen, who is CEO of Sectheory.com, did not post proof of concept code for his attack, but he said that he has "tested every component of it, and it works." He has posted some details of how Google Desktop data could be compromised on his blog. Google said it was investigating Hansen's findings
View: The full story
News source: InfoWorld
Cross-site scripting flaws are common Web server vulnerabilities that can be exploited to run unauthorized code within the victim's browser. Hansen, who is CEO of Sectheory.com, did not post proof of concept code for his attack, but he said that he has "tested every component of it, and it works." He has posted some details of how Google Desktop data could be compromised on his blog. Google said it was investigating Hansen's findings
View: The full story News source: InfoWorld
It's looks like INTEL is really serious and going to win this battle, at least for several coming years... But AMD becomes a cheap solution for many people...
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.