Jump to content
xisto Community
Sign in to follow this  
Saint_Michael

Google Toolbar Flaw Opens Door For Attackers Not a very big surprise if you ask me.

Recommended Posts

OH NO Hell must be freezing over or I wouldn't believe this if it were not true or not, and it is. It would seem the power house known as google has got a nasty little flaw in its google toolbar and from the looks of this flaw phishers can get into your computer.

 

The flaw lies in the mechanism Google Toolbar uses to add new buttons on the browser. Because the toolbar does not perform adequate checks when new buttons are being installed, a hacker could make his button appear as though it was being downloaded from a legitimate site when in fact it came from somewhere else. By spoofing the origin of the toolbar button, an attacker could download malicious files or launch a phishing attack against the victim, wrote security researcher Aviv Raff in a blog post on the issue.

 

Alas for this to affect you so many things would have to go wrong:

 

The attack requires many steps. First, the victim would have to be tricked into clicking on a Web link that would then pop up a window asking the user if he wants to install a custom button on his toolbar. Because of the flaw, this alert could look like it was downloading the button from a legitimate site such as Google.com, even if it were not. Once the button was installed on the tool bar, the victim would then have to click on it, and finally agree to download and run an executable file for the malicious software to be installed.

But it seems this is not hte first time this guy has found something wrong with google as he was able to find a way to produce a cross-site scripting attack through google's own search engine, and I find that funny that I only new about this and nothing was made public about it that I am aware of. So if you haven't updated the tool bar or no pop up showed up about updating the google tool bar then make sure to install the current one.

 

SOURCE

Share this post


Link to post
Share on other sites

This is nothing new, any software that gets more popular and many people start using it the hackers start looking for exploits in them to make use of them. We get to know about these exploits only when the softwares gets a large user base. THe best exampe for this is the illfated Windows. I havent seen any software that is completely free of errors , and it is next to impossible to acheive this practically.

Share this post


Link to post
Share on other sites

This is my opinion: hackers wouldn't do these things if flaws weren't blatantly screamed across the internet. Google should resolve these issues and nothing should be said. If someone searched Google for: "google toolbar flaws", it comes up with a whole list of websites that tell you about the flaw, what hackers could do etc. If a hacker just Googled "google toolbar flaws", they can instantly come up with a whole list of ways to hack into Google Toolbar.

Share this post


Link to post
Share on other sites

News title: Google Toolbar flaw opens door for attackers

News source: http://forums.xisto.com/no_longer_exists/



This is just another one, google products and services are very good, some of the best in fact, and a few the best, but lets face it, they are full of vulnerabilities, anyone that uses a google service or product is open to an attack from any cracker that just wants to do it.

Besides beeing very helpful the google toolbar, pay atention to a new version patched for this bug, it is better for you to just play safe, or just uninstall it until there is a very secure version out of the google toolbar, that is what i am going to do.

Share this post


Link to post
Share on other sites

I really hate those toolbars, because they take up space. But it is a faster way to search, without having to type in http://forums.xisto.com/no_longer_exists/ blah..

Wow, so does the Internet Explorer 7, with the google search affect me in any way?
Note: This isn't the google toolbar but simply the search embeded onto every Internet Explorer 7. (You can change it to a different search)

Share this post


Link to post
Share on other sites

To be honest, I don't use any of googles downloads. After I tried Google player, far to many problems. I know they beta test their stuff for years, I probably downloaded the beta version hard to remember, but there are still problems with them.Google Mail, better known as Gmail, had been beta tested for longer then a year I think. I don't have Gmail, but i've heard it's good. But still are complaints from a few of my friends who do have Gmail.I downloaded the Google sidebar before, hated it. Just a cheap knock off of windows sidebar for vista users. The toolbar, i've never used so I couldn't agree or disagree with you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.