The security freaks at Watchfire recently released an amazing piece of research against Google Desktop. If you use this product it's best to update it now.
PDF and an awesome Adobe Flash presentation are worth checking out.
Essentially through Cross-site Scripting and a Javascript command and control API they've shown the ability to fully compromise a device. All of it can be automated.
As a web user I've been afraid of client-side language interpreters for a long time. Javascript, ActiveX, Java, etc -- they take too much control away from my PC and give it to web servers. Blogs, forums, malicious trojan servers, etc all can carry dangerous payloads that will run unnoticed to me because that's how the user experience is.
This year is going to be fun. :)
No comments:
Post a Comment