funsec mailing list archives
Google Desktop Exposed
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 2 Dec 2005 18:53:36 -0500
http://www.hacker.co.il/security/ie/css_import.html Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information Overview It was bound to happen. I was recently intrigued by the possibility of utilizing Google Desktop for remote data retrieval of personal user data (such as credit cards and passwords) through the use of a malicious web page. Now, thanks to a severe design flaw in Internet Explorer, I managed to show it's possible to covertly run searches on visitors to a web site by exploiting this vulnerability. In this article I will detail what the vulnerability in IE is and how it is used to exploit Google Desktop. If you have IE 6 and Google Desktop v2 installed you can test it for yourself <http://www.hacker.co.il/security/ie/gdsexploit.html> in my proof of concept page. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Google Desktop Exposed Richard M. Smith (Dec 02)
- RE: Google Desktop Exposed Larry Seltzer (Dec 02)
- RE: Google Desktop Exposed Richard M. Smith (Dec 02)
- RE: Google Desktop Exposed Debasis Mohanty (Dec 04)
- RE: Google Desktop Exposed Larry Seltzer (Dec 02)