Zero Day Hole In Google Desktop
40by40 writes "A Web application security specialist has figured out a way to launch man-in-the-middle attacks against a computer with a fully patched Google Desktop installed. With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), hacker Robert Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop. From the article: 'This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executables on their site, it can be subverted by an attacker,' Hansen warns. Hansen's advisory comes just days after Chris Soghoian's exposé of a similar man-in-the-middle attack scenario against a remote vulnerability in the upgrade mechanism used by a number of commercial Firefox extensions."
It sounds like this takes advantage of the "Google Integration" feature, where the Google Desktop software adds a link to your Google search results page. I found his explanation rather unclear, but it sounds like you can avoid this by going into Google Desktop's preferences, then the Display tab, then un-checking the last checkbox, "Show Desktop Search results on Google Web Search result pages".
I've always thought that was a scary idea anyway, since my desktop content should be in a clearly-partitioned security domain from Web content.
How does one stop Google desktop from indexing executables? When I open the Google Desktop preferences, exe files aren't even listed as something I can index, but search for an executable like hypertrm.exe on Google desktop, and it shows up anyway, which is the 'meat' of this vulnerability.
It should be illegal to say that freedom of speech should be limited.
Yes, Apache has a good reputation for security, but like most popular, complex programs, its history is far from exploit-free.
-snarkbot
Google is nice enough to offer SSL for most of its services these days. It would make a lot of sense for them to round out their secure offerings with an SSL search as well.
Right now, any request to an encrypted Google search URL redirects you to www.google.com.
I think that ActiveX components are signed/named, so there wouldn't be as much of a problem with them. Don't quote me on that, though.
Ewige Blumenkraft.
Hrm... you seem unaware that the very desktop (and mobile) friendly Macintosh and the coming generation of iPhones, iPods, and probably other digital appliances from Apple are based on a real UNIX underneath? The UNIX foundation of the system design is partly responsible for the rapid pace of evolution of Mac OS X.
Although extreme hubris might combine with extreme resources (both dollars and talent) at Google to lead to the creation of an entirely new OS from the ground up, there may not be any need for that. The UNIX wheel is relatively round these days, particularly considering the Mac OS X / OSX example. Better yet, UNIX is nicely modular. If anyone devises a clever way to "avoid buffer overflow situations" it seems likely, on the basis of past evidence concerning technology development and adoption within UNIX systems in general, that it would be easier to integrate that language and compiler, or whatever technology it happens to be, into a UNIX operating system than it would be to create a fully capable system on top of it from whole cloth.
Since you seem genuinely interested in the topic, here are some reasonable books on operating system design which you might enjoy.
The Design and Implementation of the 4.4 BSD Operating System
Design of the UNIX Operating System
Operating System Design: The Xinu Approach
UNIX Internals: The New Frontiers
Mac OS X Internals: A Systems Approach
Solaris Internals
The other issues you raise are largely issues of interface design, which the open source community seems to do rather poorly, or at least not as well as it does other things. Google certainly does not need to re-invent the entire operating system wheel to improve URL integration, or provide a "minimalist" desktop interface, for example. They don't even need to strip features, really. Mac OS X, for example, provides enough of a minimalist default interface that novice computer users are comfortable with it. A Linux based OS from Google could take a similar approach, perhaps being even more spartan in the basic features, if that's really a desirable goal (which is another question entirely).
If you mod me down, I shall become more powerful than you could possibly imagine.
Firefox offers the exact same mechanism. Firefox extensions can contain (and run) executable code. (See below.)
As the Greasemonkey security vulnerability demonstrated, web pages can "script" Firefox extensions.
ActiveX = executable code + scripting from the web browser. Firefox extensions introduce the same risks as ActiveX.
Take for instance FoxyTunes, which is listed on the Recommended Add-ons page. Download the XPI file, rename it to ZIP. Open it in WinZip or whatever. You'll notice several files:
DLL files are executable code on Windows. I'm assuming the *.linux and *.mac are similar. SO files are executable code under Linux, not sure why it has .file after it. I'm sure there are more extensions with executable code, that was just the first I looked at. Look for any extension that integrates with external software - almost always there will be a DLL or EXE.
The Online Slang Dictionary
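The "rename the XPI to .zip and look inside" check from the comment above can be scripted. The following is an added example, not code from the thread or from any extension it mentions: it builds a constructed XPI in memory (member names and binary contents are made up, not FoxyTunes) and then flags every member that looks like native code, by file-header magic first and by suffix second, so a DLL renamed to something innocuous is still caught.

```python
"""Scan a Firefox XPI (a ZIP file by another name) for native executable code.

Added example; the XPI assembled in build_sample_xpi() is a constructed
stand-in for a real extension, with invented member names and byte contents.
"""
import io
import zipfile

# Suffixes the comment above associates with native code; ".so.file" is the
# odd naming the poster reports seeing inside an extension.
NATIVE_SUFFIXES = (".dll", ".exe", ".so", ".so.file", ".dylib", ".linux", ".mac")

# Header magic identifying native binaries regardless of how they are named.
MAGIC = {
    b"MZ": "PE (Windows DLL/EXE)",
    b"\x7fELF": "ELF (Linux .so)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (macOS)",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (macOS)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (macOS)",
}


def classify(name, head):
    """Return a label if the member looks like native code, else None."""
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    if name.lower().endswith(NATIVE_SUFFIXES):
        return "native-looking name, unrecognised header"
    return None


def find_native_code(xpi_bytes):
    """Return {member_name: label} for every archive member that looks native."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)  # enough bytes for every magic value above
            label = classify(info.filename, head)
            if label:
                findings[info.filename] = label
    return findings


def build_sample_xpi():
    """Constructed XPI: manifest, one script, three fake native stubs, one disguised binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("install.rdf", "<RDF/>")
        zf.writestr("chrome/content/overlay.js", "// extension script")
        zf.writestr("components/helper.dll", b"MZ" + b"\x00" * 62)
        zf.writestr("components/helper.so.file", b"\x7fELF" + b"\x00" * 12)
        zf.writestr("components/helper.mac", b"\xcf\xfa\xed\xfe" + b"\x00" * 12)
        # A PE image renamed to .png hides its suffix but not its header.
        zf.writestr("data/icon.png", b"MZ" + b"\x90" * 30)
    return buf.getvalue()


if __name__ == "__main__":
    for name, label in sorted(find_native_code(build_sample_xpi()).items()):
        print(f"{name}: {label}")
```

To run it against a real extension, replace `build_sample_xpi()` with the bytes of the downloaded .xpi; the header check is what matters, since a suffix-only scan would miss the renamed binary in the sample.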
You want to see sandboxing? IE on Vista. Durr.
*beagle
Beware he who would deny you access to information, for in his heart he dreams himself your master. -Anonymous