Article

Google Desktop exploit code circulates

SearchSecurity.com Staff

Requires Free Membership to View

A proof of concept is being circulated that details showing how an attacker could exploit Google Desktop to launch software on a victim's computer.

Google hacker Robert Hansen posted the Google Desktop proof of concept at his ha.ckers.org blog. The exploit is not easy for an attacker and it can not be used to install software on a victim's machine, but it is an example of Web-based application vulnerabilities, Hansen, CEO of security consultancy Sechteory.com said. An attacker can use a wireless hotspot and wait for a victim with Google Desktop installed, Hansen said.

"It could be done as a prank or something malicious," Hansen said at the Ha.ckers.org site. "The point being these types of deep integration between the web and client side applications is really dangerous and breaks the security models put in place by the browsers."

Hansen also posted a video of the Google proof of concept.

California legislators could strengthen data security breach law

Legislators in California are considering a bill that would strengthen current data security breach notification requirements in that state to enable consumers and businesses to seek reimbursement for a breach.

The bill is being sponsored by the California Credit Union League (CCUL). The state's current law requires retailers to take "reasonable steps" to destroy consumer data, such as credit and debit card numbers. If passed the bill would ban merchants from storing payment related data.

The bill also requires merchants to notify consumers of a breach with the type of data that was compromised as well as a toll-free number or email address that consumers can contact for more information.

Samba bug found in Mac OS X

The open-source file and print program Samba, has a vulnerability that could be exploited in Mac OS X, according to an alert issued by Symantec.

Multiple heap-based buffer overflow flaws exist in Samba's NDR RPC (remote procedure call) request. The vulnerability affects Samba 3 versions prior to 3.0.25.

Mac OS X users should upgrade to the latest Samba version, 3.0.25. A workaround can also be performed by disabling the Windows Sharing service until Apple has an official update available, Symantec said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: