« Florence Night-Intel | Main | Britney Spears' hair goes online »
Google Desktop falls victim to XSS flaw
Online attackers can gain access to the Google Desktop application through a cross site scripting attack, researchers at Watchfire have discovered.
We've seen cross site scripting vulnerabilities before, but this one is amazingly easy to demonstrate on your home or office computer, provided that you are running Google Desktop and haven't just updated it.
Curious? Go to your Google Desktop search page and type in the following:
under:<script>alert(This is all it takes)</script>
Once you enter that instruction, an alert box will pop up with the text "This is all it takes" inside. Displaying an alert box might not be anything serious, but that attacker can also insert more harmful commands that can expose confidential information, or worse.
Now go to Google and download the latest Google Desktop update.
February 22, 2007 at 01:23 AM | Permalink
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/t/trackback/24766/16301918
Listed below are links to weblogs that reference Google Desktop falls victim to XSS flaw:
Spanish
