Hackers May Be Targeting Google Gadgets

Forum Moderators: phranque

Message Too Old, No Replies

Hackers May Be Targeting Google Gadgets

engine

5:16 pm on Aug 8, 2008 (gmt 0)

Hackers May Be Targeting Google Gadgets [usatoday.com]

One of the biggest problems with the so-called Web 2.0 movement has been its encouragement of oversharing — which often means underestimating security risks. Adding doodads of varying quality to a home page can add a lot of pizazz, but can also be fraught with danger, since they can open a door for hackers.
It's a threat even for the biggest Web companies, including Google Inc., whose "gadgets" — little programs like calendars or daily photo feeds that users can implant onto their personalized Google home pages — are increasingly juicy targets for hackers, two security researchers said Wednesday.It's not that Google is designing insecure programs.
The issue is that users building their own customized applications, and distributing them through Google, might have evil intentions and try to exploit those programs once they're installed on users' pages. Many users are inclined to inherently trust what they download from Google.

aspdaddy

2:42 pm on Aug 15, 2008 (gmt 0)

..demonstrated an attack Wednesday at the Black Hat hacker conference...

Nothing new here, the security industry is built on stunts for scare mongering. How else would they continue to sell the same old re-packaged solutions ?

BeeDeeDubbleU

3:15 pm on Aug 15, 2008 (gmt 0)

"The speakers took strong exception to Google's claim. They've had several proof-of-concept gadgets hosted for months on Google, and so far they've never been removed, they said."

Isn't that new?

incrediBILL

6:51 pm on Aug 15, 2008 (gmt 0)

Nothing new here, the security industry is built on stunts for scare mongering

If virtually everything wasn't hackable their demonstrations wouldn't work and nobody would be concerned in the first place.

How else would they continue to sell the same old re-packaged solutions ?

Because those vulnerabilities are never really closed and/or new ones crop up.

Heck, I found a big nasty gaping phish hole in Horde webmail [webmasterworld.com] used to host hundreds of thousands of sites and nobody seemed to even care.

IMO most of the security industry is basically complacent which is why we need the scare mongers to keep them on their toes.

aspdaddy

6:55 am on Aug 16, 2008 (gmt 0)

IMO most of the security industry is basically complacent which is why we need the scare mongers to keep them on their toes.

That makes no sense. This stunt was pulled by the security industry itself (SecTherory & Cenzic). I would expect 2 experts in security at a hacker conference, with thier own special malicious gadget, to be able to compromise any system they chose to target, they chose this one as it makes the news headlines and scares the uninformed.

This 34 message thread spans 2 pages: 34