Monday, June 18, 2007

Security Concerns: Deep Integration of Desktop and Web

I saw this post on Webware about Google Desktop being vulnerable and suggesting switching to Yahoo Desktop Search.

It looks like this "man in the middle" vulnerability also applies to lots of toolbars in Firefox and the entire Google Pack Suite.

Christopher Soghoian, a graduate student at Indiana University's School of
Informatics, discovered that an attacker can silently slip malicious software onto computers via an upgrade mechanism flaw in the latest versions of highly popular Firefox extensions, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar and PhishTank SiteChecker. |Vulnerability found in Firefox Extension, Google toolbar - Desktop Linux|
The general point about deep integration between web applications and desktop applications being dangerous strikes me as especially true given all the news about Adobe AIR, which will lead to more of this type of deep integration.

No comments: