Tuesday, October 26, 2004

New Google Desktop Exploit Discovered

A new Google Desktop "phishing" exploit is being reported by Netcraft.



Salvatore Aranzulla, an Italian journalist who discovered the exploit, says "The flaw allows attackers to target users of the Google Desktop application and modify the contents of search pages by injecting scripts located on external servers. Such cross site scripting attacks provide attackers with a means of obtaining information under the guise of a reputable domain."



Aranzulla has published details about the new vulnerability on his web site, where he includes some example exploits (Italian). Inexperienced users may be susceptible to phishing attacks like this one. Experienced users may become suspicious of it, however.



This exploit is similar to, but separate from, the exploits discovered earlier, one of which Google had known about for two years. That exploit was not severe enough until the release of Google Desktop prompted them to look at it again.



What I can ascertain from Aranzulla's example (it is in Italian) is that this exploit will probably need an update in the software itself. The previous exploits could be fixed at the Google website. Aranzulla is recommending removal of the software.



So far there has been no response from Google.
