Watchfire has by now released an extensive, illustrated whitepaper [PDF] describing the vulnerability. It’s well worth a read, if only to get your head around the type of exploit, and how hackers are able to find the most exotic “uses” for plain cross-site scripting (XSS) holes. With an active exploit, an attacker was able to ...
... search for and immediately find sensitive information including Office documents, media files, email (in many cases, even deleted ones), Web history cache, chat sessions, and an extensive chronologic record of the user’s activity on his/her personal or corporate computer.
Watchfire lists some example exploits which show the broad scope of this vulnerability:
• Sensitive information: Search for the terms ‘confidential’ or ‘top secret’.
• Password theft: Search for ‘username’ or ‘password’ keywords and extract authentication information from mails/files.
• Bank information: Search for bank keywords and find Bank Web pages Google Desktop indexed, along with sensitive information.
• Track user activities: Google Desktop’s “Timeline View” option presents an extensive [chronological] log of files edited by the victim and Web sites visited, along with cached versions of both.
What’s more, an attacker was able to launch executables on the victim’s computer. (The whitepaper notes that if an attacker is able to create a public share accessible by the victim, they could even drop a malicious EXE on this share to completely compromise the victim’s computer).
AP quotes Google as having said they have “no evidence the vulnerability was exploited” (which is very different from saying they have evidence that the vulnerability was not exploited – it may have been exploited, and Google just doesn’t have the tools to track this).