Feeds

Dangers of the Google tool bar exposed

From annoyances to threats

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A series of attacks based on a flaw in the way the Google tool bar uses URLs to alter browser settings has been described by Israeli security outfit GreyMagic Software.

In its mildest forms, exploiting the bug will allow an attacker to irritate a user with such stunts as clearing his toolbar history or uninstalling the Google feature. In its worst forms, it can tap keyboard input, re-route searches and allow files to be read and programs to execute in the "My Computer" security zone.

When the bug is exploited using the res:// protocol it becomes most dangerous. The protocol is used to embed and access HTML in an .exe or .dll file.

The GMS advisory with links to harmless, fun demonstrations is posted here.

"Google has been very responsive and quick to produce a fixed version (1.1.59/1.1.60)," GMS says. The Google tool bar has an auto-update feature which ought to have brought the majority of users up to date. ®

Intelligent flash storage arrays

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.