Google Desktop Security Issue

Mark Edwards

In late May, the security blog at ha.ckers.org reported a vulnerability in Google Desktop. The full details of this exploit are available at ha.ckers.org/google-desktop-0day/, with a text description and a video of how it works.

It is reasonably complex to explain, but it is classified as a Man in the Middle (MITM) attack. In essence, a MITM attack is where two people (Bob and Alice) establish a communication and, unbeknownst to either of them, a third party (Mallory) sits between the two of them intercepting their messages. Mallory can then pass messages between Bob and Alice and simply read what is said, or he can change the communications to either party, tricking them into accepting his own message as legitimate. For further information, see en.wikipedia.org/wiki/Man_in_the_middle_attack

The fundamental weakness with Google Desktop is that it links the Internet to the filesystem on your computer. Any vulnerability in software like this allows very high-level access to your computer, with potentially devastating results. The other weakness is its popularity. With a large installed user base, Google Desktop is the kind of software that attracts the efforts of people looking for weaknesses to exploit.

Whilst this bug will be fixed soon, if it has not been already, it is wise to think about the benefits versus the potential costs of using this application.

