 News Menu |
|
|
| Site Menu |
|
|
| Site Affiliates |
|
|
| Advertisements |
|
|
|
|
|
|
| |
Google fixed a flaw in its beta desktop search tool that could have given hackers access to users' local searches, officials said Monday.
The vulnerability, discovered and reported by three members of Rice University's computer science department, proved it was possible for a malware (define) writer to grab information from a Web page containing any desktop searches performed by a user infected with a JavaScript- or applet-based program.
According to the paper "Attacks on Local Searching Tools" by Dan Wallach, Seth Nielson and Seth Fogarty, Google's desktop search program creates a local Web server but only allows the user to get at the data through localhost or 127.0.0.1 connections.
Given Google's Web-centric nature, a desktop search also simultaneously conducts a Web search on Google's site, returning the query and appending it to the desktop search.
The researchers were able to determine that the integration of the desktop and Web searches was conducted by some agent running locally, based on any HTTP (define) request made to the Google Web server. From there, it was a matter of finding a method to prompt a Web search, which would then automatically include the local search.
"While an attacker would not be able to read the victim's files directly, the search results often contain snippets of the file results that will be visible to the attacker."
 News source: InternetNews
|
| There are 0 additional comments, Post a comment | View printable post | Open/Close All Comments |
|
|
|
|
Recent 
Recent 
Announcement
