Google Blogoscoped


Black Hat: Google Gears offline data is vulnerable

Juha-Matti Laurio [PersonRank 10]

Saturday, February 21, 2009
14 years ago2,965 views

"The emergence of Web applications that function offline through technologies like Google Gears brings with it new risks: server-side attacks that can access client-side data.

In a presentation at the Black Hat conference in Washington, D.C., on Wednesday, Michael Sutton, VP of search research for Zscaler, demonstrated how a Google Gears-enabled Web service called could be attacked using a cross-site scripting (XSS) vulnerability so that data stored in a user's local Google (NSDQ: GOOG) Gears database could be accessed or altered.

Wouter Schut [PersonRank 10]

14 years ago #

This is not news. if you use gears you should already be aware that XSS will be even more dangerous.

If you have an XSS exploit on your website your personal data was already at risk. Gears doesn't change that.

Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!