Google Gadgets are a risky business

Watch out for that little digital clock or virtual aquarium currently dressing up your iGoogle page. It could be a welcome mat for a hacker, or at least that's what Tom Stracener, senior security analyst at security firm Cenzic says.

At Black Hat USA 2008 in Las Vegas, Cenzic, along with hacker Robert Hansen, will present a session called "Xploiting Google Gadgets: Gmalware and Beyond," that aims to show how Google Gadgets, those little applications created to run within other applications like email or on an iGoogle homepage, can be used to attack a PC or network.

According to the press release for the event: "Mr. Stracener has already ported various JavaScript attack utilities to Google Gadgets (like PDP's JavaScript port scanner) and will demonstrate ways to create Gadgets that allow you to port scan internal systems and conduct various JavaScript hacks via malicious gadgets. This presentation will also disclose a "zero day" vulnerability in Google Gadgets that makes Gmalware a significant threat."

Sounds like fun. The session is scheduled for Wednesday, Aug. 6. For more information on the session or Black Hat in general, visit the conference site here.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10