Slashdot | Zero Day Hole In Google Desktop: It's very hard to create security within a single architecture. When you create relationships between disparate architectures, such as an XP environment and a web services model, security becomes very difficult. There are too many affordances, too many gaps that can't be filled, too many emergent behaviors....
... With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), hacker Robert Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop. From the article: 'This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model.'...
Sunday, June 03, 2007
Complexity is the enemy of security
There's been such a flurry of patches lately I've given up updating. They come out so quickly there's not time to see which ones are stable and which introduce new problems. I hope we get a quiet week to catch up. In the meantime, I was struck by this statement: