Google Blogoscoped

Forum

Black Hat: Google Gears offline data is vulnerable

Juha-Matti Laurio [PersonRank 10]

Saturday, February 21, 2009
11 years ago2,525 views

informationweek.com/news/inter ...

"The emergence of Web applications that function offline through technologies like Google Gears brings with it new risks: server-side attacks that can access client-side data.

In a presentation at the Black Hat conference in Washington, D.C., on Wednesday, Michael Sutton, VP of search research for Zscaler, demonstrated how a Google Gears-enabled Web service called Paymo.biz could be attacked using a cross-site scripting (XSS) vulnerability so that data stored in a user's local Google (NSDQ: GOOG) Gears database could be accessed or altered.
...."

Wouter Schut [PersonRank 10]

11 years ago #

This is not news. if you use gears you should already be aware that XSS will be even more dangerous.

If you have an XSS exploit on your website your personal data was already at risk. Gears doesn't change that.

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!