Google 'gadgets' called gateways for hackers
Hackers turned computer security specialists accuse Google of setting users up for online disasters by letting them personalise home pages with applications that could be tainted.
Software that hackers can trick people into installing on "iGoogle" home pages can track users' activities and control their machines, SecTheory chief executive Robert Hansen has said.
"I could force you to download child porn or send subversive material to China," Mr Hansen said. "The exploitation is almost limitless. Google has to fix it."
Google lets people customise iGoogle home pages with mini-software programs called "gadgets" such as to-do lists, news feeds, currency converters, and calendars.
Hackers can program malicious code into proffered gadgets or break into systems hosted by engineers providing legitimate mini-programs.
"It turns out a lot of people who develop these things aren't good at security," Mr Hansen said, citing research he and Cenzic security analyst Tom Stracener shared at a notorious annual DefCon hacker gathering in Las Vegas.
"We pretty much break into anything we try."
Hackers can resort to a tactic of luring people to websites that trick people into installing applications in iGoogle home pages. A hacker can remotely control a victim's computer as long as the iGoogle page is open.
Gmail users face danger from the same "hole" in security, according to Mr Hansen, whose hacker name is "RSnake".
"We've been telling Google about these vulnerabilities for years and they have not made corrective actions," Mr Hansen said.
"They chose to open the doors and insomuch put a lot of consumers at risk."
Google says it checks gadgets for malicious code, rarely finding any, and that it removes tainted programs.
-AFP
Saturday, August 9, 2008
Another Reason to be Careful!
From the ABC:
You just can't be too careful. It always bothers me to use gmail and find that certain words that have been used in the mail generate advertising based on those words. I don't think I ever say anything I wouldn't want public, but it's a little creepy to know this data is collected and used. You have to wonder what else is going on we don't know about.
Everything on the internet is public and potentially permanent. Every email goes through multiple servers which store it along the way, usually for helpful purposes, but there is always the potential for malicious people to use this fact for bad purposes. Governments can spy on citizens, or fraudsters and blackmailers can capture information. People reveal intimate details on Facebook and think they can remove it, but there are services which regularly archive whole sectors of the internet so what you write on my.opera or Facebook or whatever could be accessible in 10 years or 100 years time. With the launch of Google's Street View in Australia last week people were outraged by the publishing of photos of themselves doing things they weren't really proud of. But then they were doing these things in public, so you can't complain about privacy issues! We often think we are all alone when in fact we are out in public view, whether in the real world or in cyberspace! Best policy is never do anything you might regret other people knowing about later. Try telling a teenager to plan for what might come out when they are 50. :D
:) My mother used to tell me that whatever you do in secret shall be revealed on the housetops. As a kid I had this idea that God was going to paint these things in big letters on the roof. I guess that's pretty close!
Although I think Google is only a once off. I don't imagine they will be updating all those photos really soon.