Google Desktop – Still too Scary to Use

Two days ago I started looking for an easy way to search my trillian logs. I came across a google desktop plugin that allows you to search the logs.

Since I didn’t have Google Desktop installed, I figured I’d give it a shot. It all seemed a little too Orwellian for me. Then after reading Rsnakes last two posts about a single xss hole in Google allowing an intrusion vector into your PC, it felt time to turn the thing off.

Now all we need to do is find one XSS hole in allllll of Google where Google’s Desktop reads the header and overwrites it with it’s nonce. The XSS hole reads the nonce, pops an iframe with the data needed for the anti-DNS pinning, spoofs the header and voila, read/write access to Google Desktop.

He even wrote a page that will detect if you are running Google Desktop.

So I’m still looking for the best way to search my trillian logs . . . preferably easier then greap. Any suggestions?

Both comments and pings are currently closed.

4 Responses to “Google Desktop – Still too Scary to Use”

  1. rxbbx says:

    Scary.. its all shit with those things..

  2. reteep says:

    Windows Vista got a Google Desktop like Search integrated 😉

  3. […] * Can’t figure out where to start your affiliate marketing? Here is a good starting point. Just don’t put it on your desktop. I for one welcome our new Google Communist overlords. […]

  4. […] E che cosa succederebbe se qualcuno tentasse di caricare un file dal vostro computer locale su quella determinata porta e verificasse se la richiesta è andata a buon fine? Succederebbe quello che avviene esattamente in questa pagina dove con un semplicissimo JavaScript chiunque può capire se avete o meno installato Google Desktop. A quale scopo? Intanto “per conoscenza”, poi magari per lanciare qualche attacco XSS come afferma il blog SEO Black Hat. […]