funsec mailing list archives
RE: Google Desktop Exposed
From: "Debasis Mohanty" <debasis () hackingspirits com>
Date: Mon, 5 Dec 2005 00:18:57 +0530
Google Desktop Exposed:
Just for a second I thought that the remote GDS bug which I reported to the Vendor last month is somehow leaked.. However, after going through the url it seems to be something different. It is yet to be made public as the vendor is investigating the same. - D Ps: IE is well-known for its cross-zone weaknesses. This is not a GDS bug. -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Richard M. Smith Sent: Saturday, December 03, 2005 5:24 AM To: funsec () linuxbox org Subject: [funsec] Google Desktop Exposed http://www.hacker.co.il/security/ie/css_import.html Google Desktop Exposed: Exploiting an Internet Explorer Vulnerability to Phish User Information Overview It was bound to happen. I was recently intrigued by the possibility of utilizing Google Desktop for remote data retrieval of personal user data (such as credit cards and passwords) through the use of a malicious web page. Now, thanks to a severe design flaw in Internet Explorer, I managed to show it's possible to covertly run searches on visitors to a web site by exploiting this vulnerability. In this article I will detail what the vulnerability in IE is and how it is used to exploit Google Desktop. If you have IE 6 and Google Desktop v2 installed you can test it for yourself <http://www.hacker.co.il/security/ie/gdsexploit.html> in my proof of concept page. ... _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Google Desktop Exposed Richard M. Smith (Dec 02)
- RE: Google Desktop Exposed Larry Seltzer (Dec 02)
- RE: Google Desktop Exposed Richard M. Smith (Dec 02)
- RE: Google Desktop Exposed Debasis Mohanty (Dec 04)
- RE: Google Desktop Exposed Larry Seltzer (Dec 02)