Google Gadgets are a risky business

By Source Seeker on Mon, 07/21/08 - 10:33am.

Watch out for that little digital clock or virtual aquarium currently dressing up your iGoogle page. It could be a welcome mat for a hacker, or at least that's what Tom Stracener, senior security analyst at security firm Cenzic says.

At Black Hat USA 2008 in Las Vegas, Cenzic, along with hacker Robert Hansen, will present a session called "Xploiting Google Gadgets: Gmalware and Beyond," that aims to show how Google Gadgets, those little applications created to run within other applications like email or on an iGoogle homepage, can be used to attack a PC or network.

According to the press release for the event: "Mr. Stracener has already ported various JavaScript attack utilities to Google Gadgets (like PDP's JavaScript port scanner) and will demonstrate ways to create Gadgets that allow you to port scan internal systems and conduct various JavaScript hacks via malicious gadgets. This presentation will also disclose a "zero day" vulnerability in Google Gadgets that makes Gmalware a significant threat."

Sounds like fun. The session is scheduled for Wednesday, Aug. 6. For more information on the session or Black Hat in general, visit the conference site here.

Tags

About Source Seeker

The Source Seeker blog is written by Julie Bort, editor of the Open Source Subnet site as well as the Microsoft Subnet, Cisco Subnet sites. Indeed, Bort is the Online Community Editor for all of Network World. She also writes The Microsoft Update blog. If you have an idea for a blog, or a news tip on open source, Microsoft or Cisco, contact her at jbort@nww.com, 970-482-6454 or follow Julie on Twitter @Julie188.

Open Source Subnet is the independent voice of open source users and is your gateway to daily open source news, blogs, tips and more. Visit the Open Source Subnet home page daily.