Res Ipsa Loquitur: Google Desktop Exploit

« It's Over! | Main | Slow For a Reason »

November 03, 2004

Google Desktop Exploit

In case you were thinking of installing the new, handy-dandy Google Desktop Search, here's what I just got from US-CERT:

A remote malicious user can create a specially crafted URL that, when loaded by a target user that has Google Desktop Search installed, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the Google site and will run in the security context of that site.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Translation: you could go to the wrong URL and it could download some code that would allow someone access to everything on your computer....which my non-techie aunt says is the equivalent of having a stranger rummaging around in your underwear drawer.

I think she understands computers much better than she lets on.

Posted by Rita at November 3, 2004 05:03 PM

Comments

Oh wow, thanks for posting this info.

Posted by: Tam at November 4, 2004 12:39 AM

Res Ipsa Loquitur

"Striving For Mediocrity Since 2002"

November 03, 2004

Google Desktop Exploit

Comments