Hackers Targeting Google Gadgets
August 13th 2008 05:03
One of the biggest problems of the Internet and Web 2.0 has been the epidemic of Over-Sharing. Adding pizzazz to your homepage might well attract more attention, but it also opens a door for hackers to infiltrate your system, as web giant Google is finding out.
Two security researchers discovered last week that the “Google Gadgets” like daily photo feeds and calendars that people put on their websites are a prime target for hackers. Google does not necessarily design insecure programs; the issue arises when users with evil intentions implement their own applications and distribute them through Google straight onto the pages of other users.
This phenomenon is only possible because of the inherent trust that users place in Google applications, a reputation that could be tarnished by the actions of outside developers.
Last Wednesday at the Black Hat hacker conference in Las Vegas, Robert Hansen, chief executive of security consultant SecTheory, and Tom Stracener, senior security analyst with security testing software maker Cenzic Inc., demonstrated an attack in which they used a malicious gadget to break into a person's Web browser and read their searches in real time.
The malicious gadgets, as he calls them, could be used in real time in a variety of attacks to steal and store personal information, say Hansen and Stracener. "How do you know it's a legitimate gadget?" Hansen asked. "Because someone uploaded it? There's no moderation, there's no way to guarantee it won't turn bad."
Google isn't alone in the fight against these applications.
The company is currently fighting the same battle that social networking sites have been engaged in for some time. Facebook and MySpace have constantly encouraged users to spruce up their pages with applications that deliver content from outside their safety net. These applications run code on the page that could potentially be used for good or evil.
Google has hit back at Hansen’s supposed demonization of its vetting process for gadgets. The company said in a statement that it scans all gadgets regularly for malicious code, and in the "very rare" instance in which one is found it's immediately blacklisted.
Google continued, saying that since November of last year, “inline” gadgets, which do have access to user account information, have had security limitations placed on them, which means the application cannot be altered.
The company defended its program and said gadgets are created by developers from around the world and "provide a convenient way for users to view information collected from around the Web in one place."