http://www.informationweek.com/news/internet/security/showArticle.jhtml?articleID=214501974&subSection=News
"The emergence of Web applications that function offline through technologies like Google Gears brings with it new risks: server-side attacks that can access client-side data.
In a presentation at the Black Hat conference in Washington, D.C., on Wednesday, Michael Sutton, VP of search research for Zscaler, demonstrated how a Google Gears-enabled Web service called Paymo.biz could be attacked using a cross-site scripting (XSS) vulnerability so that data stored in a user's local Google (NSDQ: GOOG) Gears database could be accessed or altered. ...."
This is not news. If you use Gears, you should already be aware that XSS will be even more dangerous.
If you have an XSS exploit on your website, your personal data was already at risk. Gears doesn't change that.