Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Google Desktop and IE allow phishing

Google Desktop and IE allow phishing

by Nikola Strahija on December 3rd, 2005 Google Desktop and Internet Explorer can be abused to reveal all information on a personís hard disc.


Matan Gillon, a security researcher, has published a proof-of-concept flaw that exploits Google Desktop and Internet Explorer 6.

Microsoft's lax and inconsistent implementation of Cascading Style Sheets (CSS) in Internet Explorer, combined with careless programming of the Google Desktop search bar work wonders for phishers.

-All an attacker has to do is lure a user to a malicious web page. Thousands of web sites can be exploited and there isn't a simple solution against this attack at least until IE is fixed. That means millions of IE users are affected by this design flaw, writes Gillon.

Gillon discovered that on certain pages, such as Google News, it was easy to extract the security key that the local copy of Google Desktop needs to permit queries to be executed.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »