Google Blogoscoped

Forum

Black Hat: Google Gears offline data is vulnerable

Juha-Matti Laurio [PersonRank 10]

Saturday, February 21, 2009
13 years ago2,863 views

http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=214501974&subSection=News

"The emergence of Web applications that function offline through technologies like Google Gears brings with it new risks: server-side attacks that can access client-side data.

In a presentation at the Black Hat conference in Washington, D.C., on Wednesday, Michael Sutton, VP of search research for Zscaler, demonstrated how a Google Gears-enabled Web service called Paymo.biz could be attacked using a cross-site scripting (XSS) vulnerability so that data stored in a user's local Google (NSDQ: GOOG) Gears database could be accessed or altered.
...."

Wouter Schut [PersonRank 10]

13 years ago #

This is not news. if you use gears you should already be aware that XSS will be even more dangerous.

If you have an XSS exploit on your website your personal data was already at risk. Gears doesn't change that.

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!