Anti DNS Attack Strikes Google Desktop

Google's PC search software is vulnerable to a variation on a little known Web based attack called anti DNS pinning, which could give an attacker access to any data indexed by Google Desktop, security researchers said this week.

This is the second security problem reported this week for the software. On Wednesday, researchers at Watchfire said they’d found a flaw that could allow attackers to read files or run unauthorized software on systems running Google Desktop.

As with Watchfire’s bug, attackers would first need to exploit a cross-site scripting flaw in the website for this latest attack to work, but the consequences could be serious, according to Robert Hansen, the independent security researcher who first reported the attack. "All of the data on a Google desktop can now be siphoned off to an attacker’s machine," he said. Anti-DNS Attack Strikes Google Desktop - Security Feed - News - CSO Magazine

Linked by shanmuga Thursday, 1st March 2007 12:38AM