Re: [Full-disclosure] Overtaking Google Desktop
- From: "Steve Ragan" <sragan@xxxxxxxxxxx>
- Date: Thu, 22 Feb 2007 01:31:23 -0500
Yea he uses it later in the video, you see him pull it up in the attack, and
read it. One would assume it is fake.
-Steve
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Steven
Scheffler
Sent: Thursday, February 22, 2007 1:23 AM
To: pdp (architect); Yair Amit
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Overtaking Google Desktop
Hey, there is a passwords.txt showing on the 3rd slide :) intentional?
;)
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of pdp
(architect)
Sent: Wednesday, February 21, 2007 5:03 PM
To: Yair Amit
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Overtaking Google Desktop
This is quite interesting although it is a concept that has been developed
on sla.ckers.org some time ago. I love the presentation...
brilliant.
On 2/21/07, Yair Amit <yairam_ng@xxxxxxxxxxxxx> wrote:
Hello,well.
A new research from Watchfire has revealed a serious vulnerability in
Google Desktop.
The attack, which is fully presented in a new Watchfire research paper
released today (available at
http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf), can
allow a malicious individual to achieve not only remote, persistent
access to sensitive data, but in some cases full system control as
to
Google Desktop is a popular freeware desktop search tool which offers
powerful indexing abilities along with an easy to use interface.
In many cases, Google Desktop manages highly sensitive information.
Therefore, the impact of a security breach in it is far-reaching.
Google Desktop contains several protection mechanisms to secure its
indexed data against remote intruders.
In this paper, we present a step-by-step attack flow that circumvents
Google Desktop's protection mechanisms and allows a malicious attack
take place against Google Desktop users.Google
The attack is composed of web-application security flaws found in
Desktop along with exploitation of Google Desktop's tight integration
with the Google.com website.
The paper shows that it is possible to achieve a remote and persistent
access to sensitive data on attacked systems.
In addition, under certain conditions, it is also possible to covertly
inject and execute malicious applications on attacked systems, using
Google Desktop's own features.
The full paper can be found in the following link:
http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf
A demonstration of the attack flow can be found at the same page or at
the following link:
http://download.watchfire.com/googledesktopdemo/index.htm
Note:
-----
The Google Desktop security flaw was coordinated with the Google
Security Team.
Google has been responsive and recently issued a patch which mitigates
the risk of the attack.
We highly recommend all Google Desktop users to make sure they have an
updated version installed on their system.
This vulnerability was discovered by me with the cooperation of Danny
Allan and Adi Sharabani.
Best regards,
Yair Amit
Security Team
Watchfire (Israel) Ltd.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/ This e-mail message is
confidential and intended solely for the person to whom or the entity to
which it is addressed. All the contents and any attachments remain the
property of VR Services (Pty) Ltd unless so stated by contract.
If you are not the intended recipient, you are prohibited from reading,
copying, using or disclosing this message to others.
If you received this message in error, please notify the sender immediately
by replying to this e-mail or by telephoning +27 21 528 9300 and thereafter
delete the message. VR Services (Pty) Ltd does not accept liability for any
personal views expressed in this message.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.441 / Virus Database: 268.18.3/696 - Release Date: 2/21/2007
3:19 PM
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.441 / Virus Database: 268.18.3/696 - Release Date: 2/21/2007
3:19 PM
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Follow-Ups:
- Re: [Full-disclosure] Overtaking Google Desktop
- From: Michal Zalewski
- Re: [Full-disclosure] Overtaking Google Desktop
- References:
- Re: [Full-disclosure] Overtaking Google Desktop
- From: pdp (architect)
- Re: [Full-disclosure] Overtaking Google Desktop
- From: Steven Scheffler
- Re: [Full-disclosure] Overtaking Google Desktop
- Prev by Date: Re: [Full-disclosure] Overtaking Google Desktop
- Next by Date: Re: [Full-disclosure] Overtaking Google Desktop
- Previous by thread: Re: [Full-disclosure] Overtaking Google Desktop
- Next by thread: Re: [Full-disclosure] Overtaking Google Desktop
- Index(es):
Relevant Pages
|
|
