Google repairs security hole in its desktop search application
March 1, 2007
Yesterday, Google repaired a security hole in its desktop search application that could have created a way for potential hackers to go through personal files on users' computers. A failure in Google Desktop to properly encode output containing malicious or unexpected characters created an easy way for attackers to transit from the Internet environment to the desktop search software.
Google's new vulnerability opened the way to cross-site scripting attacks which, in turn, created a means for attackers to plant hostile code on targeted machines.
However, Google said yesterday that it has no current evidence the vulnerability was exploited. An automatic update means that users are protected from any potential attacks.
The security hole was discovered by Internet security firm WatchFire, which reported the security flaw to Google in January.
The bug was repaired on Feb. 1, but news of the flaw only emerged this week, coinciding with the release by WatchFire of a press release and research paper explaining the potential problem.
The security bug is far from being the first and certainly not the last to affect Google's popular desktop search software.
Overall, WatchFire said that the integration between desktop applications and Internet-based applications poses a constant risk to users.
Source: The Register
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing