Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Zero Day Hole In Google Desktop

Zonk posted more than 7 years ago | from the please-stop-the-internet-from-leaking dept.

Google 113

40by40 writes "A Web application security specialist has figured out a way to launch man-in-the-middle attacks against a computer with a fully patched Google Desktop installed. With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), hacker Robert Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop. From the article: 'This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executables on their site, it can be subverted by an attacker," Hansen warns. Hansen's advisory comes just days after a Chris Soghoian's exposé of a similar man-in-the-middle attack scenario against a remote vulnerability in the upgrade mechanism used by a number of commercial Firefox extensions.'"

Sorry! There are no comments related to the filter you selected.

Google operating system? (2, Interesting)

Oldsmobile (930596) | more than 7 years ago | (#19358261)

Google should stop screwing around and just bite the bullet: develop your own operating system based on Linux and get it over with. Windows Vista is down, kick them in the nuts when you can!

Re:Google operating system? (4, Funny)

ajanp (1083247) | more than 7 years ago | (#19358313)

I can see it now... A future where mankind lives in a free and secure society where we all live together in bliss running our favorite open-source customized version of the iGOOGLE operating system that checks our mail, orders our groceries, and feeds the cat without any human interaction.

Re:Google operating system? (5, Funny)

yintercept (517362) | more than 7 years ago | (#19358565)

"... and feeds the cat ..."

You need to change this to read: "feed a cat". Google will feed your cat up until the index change after which it will start feeding another cat. To be grammatically precise: "a cat" will be fed. There is just no guarantee that it will be "the cat."

Re:Google operating system? (-1)

Anonymous Coward | more than 7 years ago | (#19360143)

Thus revealing "score some pussy" as the inner meaning of "do no evil". Put the googler in you in her.

Re:Google operating system? (1)

fl!ptop (902193) | more than 7 years ago | (#19362455)

To be grammatically precise: "a cat" will be fed.

after it feeds 'a cat', will google then take a picture of it too? [boingboing.net]

Re:Google operating system? (4, Interesting)

AKAImBatman (238306) | more than 7 years ago | (#19358381)

develop your own operating system based on Linux and get it over with.

No offense to Linux, but I think that would offend Google's sense of style. Unix-style OSes are great when you need low-level access to the hardware (e.g. GoogleFS), but don't infer any sort of inherent advantage in the desktop arena. In fact, the classic Unix design is very desktop unfriendly, which is why all kinds of user-friendly packages like automounter have been created.

Given the number of Ph.D. brainiacs Google has their hands on, I would expect them to create a new OS from the ground up that is more focused on the issues of dealing with the web and network in general. e.g. If it can be coded to avoid buffer overflow situations, that would be a great start. Greater focus on caching services and integrated URL handling might also be things you would see more of. Unicode everything rather than dealing with different text formats. (Incoming formats would need to be converted before they could be used.) Overall minimalist design. i.e. Don't include anything that isn't absolutely necessary to getting the job done. (Compare: The number of features on Google homepage to the number of features on the average Linux desktop.)

I will happily eat crow if Google ever produces a Linux desktop, but gut instinct says that they won't. So don't get your hopes up.

Re:Google operating system? (1)

aichpvee (631243) | more than 7 years ago | (#19358687)

My Linux desktop has like 3 buttons, the pager, and a clock on it. What's your point? I agree we won't likely see a Google Linux distribution, but not for the reasons you stated.

Re:Google operating system? (1)

bberens (965711) | more than 7 years ago | (#19359915)

There's already a Google operating system. What's running the Google enterprise appliances? Plus it's well known they have their own linux distro used only within the Goog.

Re:Google operating system? (1)

compro01 (777531) | more than 7 years ago | (#19360359)

i was fairly certain they use redhat with some custom software running on that.

Re:Google operating system? (1)

xdotx (966421) | more than 7 years ago | (#19361751)

Reportedly, they indeed have many. They don't just have their own distro; apparently they have internal, customized versions of MOST of the main distros. Don't worry, they send all (or most) bug reports, fixes, etc back to the main branch.

Re:Google operating system? (1)

Colin Smith (2679) | more than 7 years ago | (#19358695)

In fact, the classic Unix design is very desktop unfriendly.
Unix design has nothing to do with good/bad desktop. c.f. NeXT, OSX. The desktop apps could treat devices as raw block devices if they wanted, no file system mount semantics to worry about.

 

Re:Google operating system? (4, Interesting)

poopdeville (841677) | more than 7 years ago | (#19358731)

In fact, the classic Unix design is very desktop unfriendly, which is why all kinds of user-friendly packages like automounter have been created.

Your point is pretty vacuous. The user-friendly packages already exist, and as OS X and Ubuntu (as a Linux example) show, can be used to great effect.

But you're right. Google won't produce a Linux desktop. They'll probably use a BSD variant, should they ever produce a desktop at all.

Plan 9? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#19358735)

new OS from the ground up that is more focused on the issues of dealing with the web and network in general


Plan 9?

armchair OS designer's reading list (3, Informative)

Gary W. Longsine (124661) | more than 7 years ago | (#19359153)

Hrm... you seem unaware that the very desktop (and mobile) friendly Macintosh and the coming generation of iPhones, iPods, and probably other digital appliances from Apple are based on a real UNIX underneath? The UNIX foundation of the system design is partly responsible for the rapid pace of evolution of Mac OS X [apple.com] .

Although extreme hubris might combine with extreme resources (both dollars and talent) at Google to lead to the creation of an entirely new OS from the ground up, there may not be any need for that. The UNIX wheel is relatively round these days, particularly considering the Mac OS X / OSX example. Better yet, UNIX is nicely modular. If anyone devises a clever way to "avoid buffer overflow situations" it seems likely, on the basis of past evidence concerning technology development and adoption within UNIX systems in general, that it would be easier to integrate that language and compiler, or whatever technology it happens to be, into a UNIX operating system than it would be to create a fully capable system on top of it from whole cloth.

Since you seem genuinely interested in the topic, here are some reasonable books on operating system design which you might enjoy.

The Design and Implementation of the 4.4 BSD Operating System [amazon.com]
Design of the UNIX Operating System [amazon.com]
Operating System Design: The Xinu Approach [amazon.com]
UNIX Internals: The New Frontiers [amazon.com]
Mac OS X Internals: A Systems Approach [amazon.com]
Solaris Internals [amazon.com]


The other issues you raise are largely issues of interface design, which the open source community seems to do rather poorly, or at least not as well as it does other things. Google certainly does not need to re-invent the entire operating system wheel to improve URL integration, or provide a "minimalist" desktop interface, for example. They don't even need to strip features, really. Mac OS X, for example, provides enough of a minimalist default interface that novice computer users are comfortable with it. A Linux based OS from Google could take a similar approach, perhaps being even more spartan in the basic features, if that's really a desirable goal (which is another question entirely).

Re:armchair OS designer's reading list (4, Informative)

AKAImBatman (238306) | more than 7 years ago | (#19359573)

armchair OS designer's reading list

That's great. When you graduate beyond armchair reading, perhaps you might consider getting out of your chair and learning about actually designing an Operating System [osdev.org] ? It's a very rewarding experience and teaches one about all the wonderful spagetti and legacy problems inherent in designs like Unix. It even shows how the greater resources present in modern computers can be utilized to reduce or eliminate the problems exhibited by previous OSes.

who disturbs our meditation... (1)

Gary W. Longsine (124661) | more than 7 years ago | (#19361099)

... as a pebble disturbs the stillness of the pond? [Ti Kwan Leep] [webguys.com]

A programmer who is too proud to think about how other people solved the problem they're looking at is much more likely to invent a wheel with some number of road-contact surfaces "n" where n > 1.

UNIX has survived (indeed thrives) as a result of a number of major refactoring efforts, directed not only at improving the internal architecture, but even the underlying abstractions. Consider Mach and the microkernel revolution, which resulted in nearly every major operating system kernel being refactored to accomodate the design abstractions described in Programming Under Mach [amazon.com] . And now class, let us rejoin the mind to the body and gaze into the heart of the candle in meditation.

Re:who disturbs our meditation... (1)

AKAImBatman (238306) | more than 7 years ago | (#19361261)

Let me spell it out for you:

* POSIX is Broken. With a capital B. The mere availability of it creates buffer overflows.
* The wonderful design abstractions of OS X are pulled from another complete redesign: Into ObjectiveC
* Mach is a very, very, very bad production kernel that Apple has had the displeasure of trying to hack into something that works well. Absolutely no one refactored their kernels around the Mach design, because it was slower than molasses running uphill in January. That wasn't a core problem with Microkernels in general (see:QNX), only the fact that Mach was an early research platform. It never should have been embreaced by NeXT. But it was, so Apple makes lemonade.
* As long as you let unchecked buffers run rampant through your system, you're going to have security problems.
* A good security infrastructure starts with a secure execution environment and no direct access to memory.
* Minimalist design means "minimalist". As in, get it right or get rid of it. Don't pile a hack on top.
* Wouldn't it be nice to have a filesystem built around search rather than POSIX? Even Google knows that, but they have to put a patch on top of the existing OSes.
* Your average desktop user doesn't care if BASH compiles or not.
* The GNU Build system is about as much fun as pulling your teeth out with a branding iron.
* Can't say that most other C build systems are much better.
* Mono is the new model of branding iron.
* Have you tried ANT? Perfect example of what modern technology free from the shackles of cruft can do. Ahhh.

Here's your Zen tip for the day: Man who fails to broaden his OS Design horizons past books on Unix internals is doomed to reinvent Unix. Badly.

Oh my, so much FUD, so little time... (1)

Gary W. Longsine (124661) | more than 7 years ago | (#19361677)

You wrote:

Let me spell it out for you
Well, I'm sorry to be the bearer of bad news, but you haven't spelled anything out. In fact, you've accidentally helped me develop my case. We'll get to that in a moment, but first let me mention that interlocking design elements of the CPU, compilers, and programing languages combine to make buffer overflows possible.

To the extent that portions of POSIX are specified in terms of C or assume C language features, and to the extent that such dependencies upon the nature of the C language, compiler, and host CPU make buffer overflows possible, then, yes, you could say POSIX is broken. However, there is a corpse missing. If it were POSIX that were responsible for buffer overflows, then Microsoft's nortoriously broken implementation of POSIX on Windows NT/2000/XP should have either insulated them from buffer overflows (because it didn't work any better for worm authors than for anybody else), or exposed them to myriad POSIX exploiting buffer overflows (because it somewhat worked, and the presence of POSIX was responsible for buffer overflows). In point of painfully obvious fact, neither happened. It is the Win32 and related Microsoft API, not POSIX, that exposed Windows users to rather more buffer overflows than all the factually POSIX compliant systems on the planet combined. Yeah, the POSIX API is a little long in the tooth, and sure, parts of it are sub-optimal, broken if you like, but certainly not directly and soley responsible for buffer overflows as you imply. Good grief that's a silly notion. Where are all the POSIX worms? Last I checked, Win32 and application worms dominated.

Furthermore, it's certainly possible to dramatically reduce the exposure of a UNIX operating system like Linux or Mac OS X to buffer overflows, by re-implementing certain widely used network-facing services in a more secure language like Java. Why are BIND, Sendmail, IMAP servers, file servers like Samba, and application servers like Apache still largely written in C based languages? POSIX certainly isn't to blame for that. You can't even blame the limited POSIX security model, since it's been extended with more modern ACLs for quite some time. In most cases, we can't even blame language performance issues. In contrast with its reputation for poor performance on GUI tasks, Java gets pretty good marks for raw server side type benchmarks. Whey don't we see one or more of these projects refactoring in Java? Nothing about the modular flexible nature of the UNIX architecture prevents this.

The FUD about Mach is likewise painfully tedious. Mach's infamous performance problems apply to research versions of the kernel that neither NeXT, nor Apple, nor DEC, nor IBM, nor anybody else who's using Mach parts in their kernel ever shipped. Aside from being utterly irrelevant on the grounds that no shipping product was observed to have them, the performance problems were largely due to issues that don't apply when the UNIX server is compiled in with the Mach kernel, as it is with the BSD server in Mac OS X. Those infamous performance problems were due to the research attempt to run the API server in user space, so that the kernel could support multiple "OS personalities", and so that an execution thread could be made more easily migratable from one host OS instance to another. Those were a couple of interesting goals that appealed to a few geeks and super computer researchers, but were not relevant to a desktop or server operating system. Nothing much was sacrificed when Mach and BSD were united in one happy binary.

Conduct a little thought experiment. If there existed a massive performance delta in raw kernel performance between, say, Mac OS X and Linux, it would be easy to demonstrate, if, say, you could run both kernels on the same hardware easily, say, an iMac, Mac Mini, MacBook, etc. These problems would be widely documented by now, many months after the Intel platform equalized the hardware baseline for head-to-head performance comparrisons on the "most highly optimized" platform for Linux. Unless I missed something, there doesn't seem to be a blogsphere buzzing about the Mach achilles heel.

So, where is this infamous Mach peformance problem hiding? Will it bite Apple in the future when they are shipping 16 or 32 CPU systems? Somehow I doubt it. In any case, it doesn't seem to be very severe on currently relevant hardware since it's not getting any attention. Rather than a grand conspiracy to hide the Mach Performance Problem, I suspect the total lack of evidence to be related directly to the benchmarks that people have run which generally show Mac OS X better at some things, and Linux better at others. Not much of a shock. But why do people keep trotting out this tired, irrelevant and obviously bogus anti-Mach FUD? Could you be... an ex-Apple employee who was ticked off because you like Linux better? Or are you an agent of the Beastmaster aka S A T A N [Church Lady] [wikipedia.org] ?

Furthermore, the majority of your list is just a waste of your time, as it serves to demonstrate the nice modularity of the general UNIX design and make my case. Make drove you crazy (heh) and now you can use Ant. Hooray! What if some aspect of make was built into your filesystem? Might make it a little harder to replace it with a free standing system like Ant, eh? Might make it harder to support more than one filesystem.

Search built into the filesystem? No, thanks. Microsoft tried that several times (Cairo and Longhorn being the most widely publicized iterations) and utterly and spectacularly failed. Meanwhile, on UNIX, Apple managed to create a decent system for search that can be implemented essentially on any modern fileystem.

As filesystems go, ZFS is pretty darned cool. It might become the dominant filesystem on UNIX servers in a relatively short time. If you had a bunch of irrelevant crap built into your filesystem, it would make it harder for the system as a whole to evolve, due to interlocking parts that shouldn't interlock.

Do yourself a favor and get your meds checked.

Re:who disturbs our meditation... (0)

Anonymous Coward | more than 7 years ago | (#19362439)

>Wouldn't it be nice to have a filesystem built around search rather than POSIX?

Ok, this one _proves_ you're an idiot. You shouldn't put too much hyperbole in one post man, otherwise you might have slipped through.

Re:armchair OS designer's reading list (1)

pschmied (5648) | more than 7 years ago | (#19361725)

That is an excellent collection of reading material.

I periodically hear arguments like that of the original poster. They are mostly misinformed. It has taken Microsoft a very long time and vast fortunes to get their OS to a point where it competes with the UNIX architecture (for varying measures of 'compete').

Now, yes, Google probably has loads of people smart enough to do original OS research. In fact, it's obvious that they've done some pretty fundamental computer science work already. However, they are also probably smart enough not to throw out a tested architecture in favor of Something Else--at least if they decided to get into the consumer OS game.

Google needs to burn brain cycles on their own Taligent / Copland / Whatever OS like they need a hole through the head.

Re:armchair OS designer's reading list (0)

Anonymous Coward | more than 7 years ago | (#19362383)

> Google certainly does not need to re-invent the entire operating system wheel

uh oh, here come the car analogies again...

gears.google.com (1)

SashaMan (263632) | more than 7 years ago | (#19359337)

Have you seen gears.google.com? It's technology that lets you run web apps offline. Basically, this gets rid of one of the biggest complaints about web apps like google spreadsheet and docs. I think technology like this will eventually put the nail in the coffin for a large class of desktop-only apps.

Re:Google operating system? (1)

a.d.trick (894813) | more than 7 years ago | (#19360167)

Compare: The number of features on Google homepage to the number of features on the average Linux desktop

A bad metaphor is like a leaky screwdriver. Seriously, there are significant differences between how those two are used. Google's homepage *might* be comparable to something like the Beagle UI, in which case I think Beagle beats Google (slightly) for the minimalism award.

Re:Google operating system? (0)

Anonymous Coward | more than 7 years ago | (#19360319)

Look up goobuntu. It's an ubuntu variant google developed for in-house use. Granted, they have no intention of releasing it, but the question remains: would you like that crow rare, medium, or well done?

Re:Google operating system? (0)

Anonymous Coward | more than 7 years ago | (#19360447)

I think he knows about Gobuntu [slashdot.org] . Or were you being intentionally obtuse?

Google operating system? WHY??? (3, Insightful)

gnuman99 (746007) | more than 7 years ago | (#19360967)

Why on this Earth would Google want an OS?? They already have it - it is called "The Browser". That's what they use to make money. They may want to extend its usage, but I doubt that Google will ever want to deal with the "desktop" in the same way as Microsoft, Apple or Linux community.

Google is about control. They want to control your information for their own profit. They show it again and again. That's how they make money. The more targeted the ads, the more money they can make. The only competitor I think they may have here is Amazon, but that only deals with your book preferences. Google wants your wants so they can sell something from one of their customers.

Thus it is NOT in the interest of Google to make a desktop. They are not in the business of making software like MS or Apple or GNU or even IBM. They are in business to manage information about you and me. Their "free" solutions are just there so you can give them more info about yourself.

Hope that is clear enough.

Re:Google operating system? WHY??? (1)

AKAImBatman (238306) | more than 7 years ago | (#19361339)

Actually, I agree with you 100%. I'm just tired of hearing about Linux-based GoogleOS, so I figured I'd point out that if Google *did* implement a Desktop OS, it probably wouldn't be Unix. ;-)

Re:Google operating system? (1)

tokul (682258) | more than 7 years ago | (#19362231)

Ph.D. brainiac won't start creating new OS from the scratch, when there are working free alternatives. On new OS he or she will have to deal all hardware and software issues instead of dealing only with network and web.

Re:Google operating system? (4, Funny)

Anonymous Coward | more than 7 years ago | (#19358387)

GoOSE:
GOoogle Operating System Environment

Gotta teach those penguins a lesson sometime...

Re:Google operating system? (5, Funny)

Anonymous Coward | more than 7 years ago | (#19358769)

Google Operating And Time Sharing Environment.

Re:Google operating system? (0)

Anonymous Coward | more than 7 years ago | (#19360093)

Anonymous Coward wrote:

Google Operating And Time Sharing Environment.
Will the development package be the . Common eXtensions?

Re:Google operating system? (1)

InterruptDescriptorT (531083) | more than 7 years ago | (#19360483)

Google Operating And Time Sharing Environment

Nah, it would be too insecure. It's only got one ring...

Re:Google operating system? (0)

Anonymous Coward | more than 7 years ago | (#19360743)

Isn't GOOSE the third iteration of the original DUCK technology?

DUCK
DUCK
GOOSE

Re:Google operating system? (1)

creativeHavoc (1052138) | more than 7 years ago | (#19358395)

while i am sure it would be nice, people who use linux are more likely to look at google as a threat, and people who don't use linux probably wont re-install their operating system just because google comes out with their own version... look how much work they need to put into just getting people to use the image and other various searches they have,

Re:Google operating system? (2, Insightful)

Hucko (998827) | more than 7 years ago | (#19360423)

I think it would better to be based on Plan 9. But no one talks it anymore. Is development still continuing?

deep integration is a good idea (5, Insightful)

Gary W. Longsine (124661) | more than 7 years ago | (#19358347)

This should drive home the point that connections should flow over encrypted tunnels whenever possible, to reduce the ease of performing man in the middle attacks. If this session flowed over an SSL style connection, the man in the middle would first need to figure out how to get into that session. That strategy seriously reduces the places where malicious code can exist "in the middle". Don't throw the baby (rich client interaction with services in the cloud) out with the bathwater.

Re:deep integration is a good idea (1)

bendodge (998616) | more than 7 years ago | (#19358987)

And Google should automatically reroute http://mail.google.com/ [google.com] to https://mail.google.com./ [mail.google.com] I get very tired of manually typing the https:/// [https] and it seems like a no-brainer. (yeah, there's always a special case, so just add an explicit option not to.)

Re:deep integration is a good idea (1)

notclive (1091063) | more than 7 years ago | (#19359405)

If you use firefox you could use the better gmail extension it has an option to force https http://lifehacker.com/software/gmail/lifehacker-co de-better-gmail-firefox-extension-251923.php [lifehacker.com]

Re:deep integration is a good idea (1)

Threni (635302) | more than 7 years ago | (#19363445)

> If you use firefox you could use the better gmail extension it has an option to force https

But then I'm trusting the extension author too. Do you know him? I don't.

Re:deep integration is a good idea (0)

Anonymous Coward | more than 7 years ago | (#19364749)

Do you know anyone at Google to know that your stuff is safe anyway? It's all very well accessing it via a secure URL, but what if Google themselves aren't secure? You have to take a risk sometime, else what are you even doing on the net...?

Re:deep integration is a good idea (1)

gavinchappell (784065) | more than 7 years ago | (#19362757)

If you're a Mozilla user, try the CustomiseGoogle extension. Automatic redirection to https:/// [https] for multiple sites (mail, calendar, reader, etc, etc) so even if someone sends you an insecure link you'll still get the SSL site.

Re:deep integration is a good idea (1)

fatalfury (934087) | more than 7 years ago | (#19364779)

http://mail.google.com as well as http://gmail.com already automatically redirect to https://

Update your bookmarks?

Re:deep integration is a good idea (1)

bakuun (976228) | more than 7 years ago | (#19358989)

This should drive home the point that connections should flow over encrypted tunnels whenever possible, to reduce the ease of performing man in the middle attacks. If this session flowed over an SSL style connection, the man in the middle would first need to figure out how to get into that session. That strategy seriously reduces the places where malicious code can exist "in the middle". Don't throw the baby (rich client interaction with services in the cloud) out with the bathwater.
However, that comes at a computational cost. CPU time will have to be spent on encryption/decryption, both on the client and on the servers in Google's data centers. I am not saying that it wouldn't be a good idea, but a safe version which does not rely on encrypted tunnels might be more efficient.

Re:deep integration is a good idea (0)

Anonymous Coward | more than 7 years ago | (#19359143)

The 90's called, they want your threat model back.

"That strategy seriously reduces the places where malicious code can exist "in the middle"


Where can malicious code come from if you visit this link?

https://www.comcast.com/Corporate/Customers/Custom erCentral.html?errorMessage=%3Ciframe%20%20src=htt p://www.javascript.com%3E [comcast.com]

Re:deep integration is a good idea (0)

Anonymous Coward | more than 7 years ago | (#19359293)

The Illiad Greeks called, they want your intrusion method back.

Is it as big as goatse's hole? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19358353)

Goatse's big hole. [goatse.cz]

Re:Is it as big as goatse's hole? (1)

iumn (1110395) | more than 7 years ago | (#19359091)

I seriously doubt it. Goatse's hole is really big.

Google imitating Microsoft security holes. (4, Insightful)

Animats (122034) | more than 7 years ago | (#19358365)

By now, everybody developing browser components should know that you do not provide functions which can execute arbitrary programs.

Usually, it's Microsoft doing this, with Outlook, IE, Office, etc. launching other applications. This is the source of most of the vulnerabilities involving web browsing. Now we have Google competing to offer similar security holes.

All this browser stupidity must stop. (0)

Anonymous Coward | more than 7 years ago | (#19358619)

It's time for this app-in-the-browser stupidity to stop. The web browser was initially developed to display documents, and allow for navigation between such documents. Since then, we've had a variety of parties add all sorts of crap onto that: JavaScript, ActiveX, Java applets, Flash, AJAX, etc. And what have we found? A lot of trouble, and little benefit.

As is shown here, security holes become a very major problem. The software itself becomes difficult to develop, let alone test on the wide variety of browsers that are out there. And even then, the software itself doesn't perform very well, and lacks many features.

We already have a variety of secure, sensible methods of remotely viewing desktops. X11 over SSH is one option. VNC is another. So perhaps what Google should be doing is offering their hosted services, but instead of going through a web browser, they should provide a simple, easy-to-use X11 server for Windows that works well over low-powered connections. Those of us running Linux, BSD or Mac OS X can directly use the X11 capabilities that are usually inherent to our OSes. Regardless, we connect to Google's servers, have our data stored there, and just view it remotely. Hell, we could even run a web browser (Firefox, Opera, Konqueror, etc.) on their system if we really needed to view web pages from within their client application.

The more shit we throw onto a browser, the crappier it'll get. We'll be facing more and more security glitches, browser bloat, and shitty experiences.

Re:Google imitating Microsoft 's ActiveX (4, Insightful)

EraserMouseMan (847479) | more than 7 years ago | (#19359189)

We'd better get used to Google becoming the butt of jokes usually aimed at ActiveX. Google Gears, Google Desktop, Google whatever. We now reaize that the developers that develop these technologies simply get traded between the big 3 (Google, MS, Yahoo) and others.

Are we all finally realizing that Google writes insecure apps just like ever other software development company that is made up of humans?

Re:Google imitating Microsoft 's ActiveX (1)

BeanThere (28381) | more than 7 years ago | (#19362477)

Ah, the old fallacy that "secure" is a binary value, i.e. that something is either secure or not, and the false conclusion that all apps that aren't 100% secure are all equally insecure.

Re:Google imitating Microsoft security holes. (1)

slashthedot (991354) | more than 7 years ago | (#19359281)

True. Also, a program expanded in functionalities to do more tasks than it was initially designed for is a major source of software bugs.

Re:Google imitating Microsoft security holes. (4, Informative)

WalterGR (106787) | more than 7 years ago | (#19359411)

you do not provide functions which can execute arbitrary programs.... This is the source of most of the vulnerabilities involving web browsing. Now we have Google competing to offer similar security holes.

Firefox offers the exact same mechanism. Firefox extensions can contain (and run) executable code. (See below.)

As the Greasemokey security vulnerability [oreillynet.com] demonstrated, web pages can "script" Firefox extensions.

ActiveX = executable code + scripting from the web browser. Firefox extensions introduce the same risks as ActiveX.

Take for instance FoxyTunes [mozilla.org] , which is listed on the Recommended Add-ons [mozilla.org] page. Download the XPI file, rename it to ZIP. Open it in WinZip or whatever. You'll notice several files:

  • FoxyTunes.dll
  • FoxyTunes.dll.linux
  • FoxyTunes.dll.mac
  • FoxyTunesBonobo.so.file

DLL files are executable code on Windows. I'm assuming the *.linux and *.mac are similar. SO files are executable code under Linux, not sure why it has .file after it. I'm sure there are more extensions with executable code, that was just the first I looked at. Look for any extension that integrates with external software - almost always there will be a DLL or EXE.

Logical (1, Redundant)

El Lobo (994537) | more than 7 years ago | (#19358373)

Firefox is getting more popular--> the number of attacks is rising

Google apps are getting more popular--> Ditto

When the popularity of a software approach a critical mass, the probability of exploits appearing approachs 1.

Re:Logical (5, Insightful)

maelstrom (638) | more than 7 years ago | (#19358401)

Yeah for sure, now that Apache runs 60% of the Web, all those crackers are finding tons of exploits for it everyday!

Re:Logical (3, Informative)

snarkbot (1074793) | more than 7 years ago | (#19358557)

Yeah for sure, now that Apache runs 60% of the Web, all those crackers are finding tons of exploits for it everyday!
http://search.cert.org/query.html?col=certadv&col= vulnotes&qt=apache&charset=iso-8859-1 [cert.org]

Yes, Apache has a good reputation for security, but like most popular, complex programs, its history is far from exploit-free.

-snarkbot

Re:Logical (0)

Anonymous Coward | more than 7 years ago | (#19359175)

Apache is a single, central point of logic (single server side service). Google desktop is distributed (thick client combined with multiple server side services). Securing a distributed app is more complex than securing a centralized app.

pwnt! (0)

Anonymous Coward | more than 7 years ago | (#19358393)

Will the google fanboys please step up and tell us how this doesn't matter?

Re:pwnt! (3, Funny)

chris_mahan (256577) | more than 7 years ago | (#19358431)

It doesn't matter. Google desktop does not run on Ubuntu...

What?

Re:pwnt! (1)

3p1ph4ny (835701) | more than 7 years ago | (#19358501)

But (s)locate does, which is basically the same thing except that I don't have to worry about it sending my info to google.

Re:pwnt! (1)

abigor (540274) | more than 7 years ago | (#19359431)

What? All slocate does is find files. It is not even close to the same thing. Spotlight is a better example.

Re:pwnt! (2, Informative)

JFitzsimmons (764599) | more than 7 years ago | (#19360969)

*beagle

Easily solved (4, Informative)

tedhiltonhead (654502) | more than 7 years ago | (#19358413)

It sounds like this takes advantage of the "Google Integration" feature, where the Google Desktop software adds a link to your Google search results page. I found his explanation rather unclear, but it sounds like you can avoid this by going into Google Desktop's preferences, then the Display tab, then un-checking the last checkbox, "Show Desktop Search results on Google Web Search result pages".

I've always thought that was a scary idea anyway, since my desktop content should be in a clearly-partitioned security domain from Web content.

Re:Easily solved (0)

Anonymous Coward | more than 7 years ago | (#19358653)

I've always thought that was a scary idea anyway, since my desktop content should be in a clearly-partitioned security domain from Web content.

It is. Google desktop detects when you query Google's site and runs a query on your local data. Then it intervenes the incoming response and attaches the results from your local search with the results you get back from Google.

Kind of a search mashup if you will. It "looks" like everything is coming from Google, but the local search and index never leave your hard-drive (unless you check the advanced features and enable multiple desktop search, which Google made *very* clear in the installation).

Re:Easily solved (1)

tedhiltonhead (654502) | more than 7 years ago | (#19359241)

You're right, that's how it works. What I meant by being in a different security domain was that currently, Google Desktop effectively "reaches out" from the Web pseudo-sandbox, over the "partition", into the desktop environment, all within the currently-loaded Google results page. Even though all the data and search results are still on my machine, they become opened up to the more-hostile Web environment when they shouldn't.

Re:Easily solved (1)

linuxfanatic1024 (876800) | more than 7 years ago | (#19361223)

And what on Earth is that supposed to mean?

A little over blown perhaps? (4, Insightful)

140Mandak262Jamuna (970587) | more than 7 years ago | (#19358425)

Basic premise of the whole scheme sketched out in the article seems to be having a man in the middle. May be an evil twin router offering network connection near a coffee shop or a malicious lap top in an airport faking an "infrastructure mode" SSID in ad-hoc mode or something like that.

Once you are compromised this way the attack tries to take advantage of cross scripting vulnerabilities in a browser to run code in the compromised machine. I am not sure if there is anything unique to Google Desktop here. Could the same attack take advantage of the numerous ActiveX vulnerabilities?

Is the "security expert" trying to get more mileage by listing each exploitable hole of a man-in-the-middle attack as a separate discovery?

Definitely overblown (3, Insightful)

brennz (715237) | more than 7 years ago | (#19358683)

I think the premise of the article is rather stupid in fact.

It is not Google's job to provide a secure channel.

I guess when I do a MITM attack to capture login prompts and transparently proxy that is google's problem also?
Or when I resolve DNS queries to my own box, that is likewise google at fault?

Lol.

Re:Definitely overblown (2, Insightful)

Anonymous Coward | more than 7 years ago | (#19358751)

If the "login prompts" aren't being done over SSL, then yes.

Re:Definitely overblown (5, Insightful)

CrazyBrett (233858) | more than 7 years ago | (#19359237)

It is not Google's job to provide a secure channel.

Yes, it is. If they're exchanging data between their desktop app and their web service, they need to do encryption and key verification to make sure the pipe isn't compromised. Stuff outside of that (like local keyloggers) is your concern, or someone else's. But between their two endpoints, they need to secure the channel.

Re:Definitely overblown (4, Insightful)

naasking (94116) | more than 7 years ago | (#19359449)

I guess when I do a MITM attack to capture login prompts and transparently proxy that is google's problem also?
Or when I resolve DNS queries to my own box, that is likewise google at fault?


Don't be daft, SSL was created to prevent exactly these attacks, so why isn't it being used? Why does the Google toolbar submit all your potentially authority-bearing https urls to their anti-spam service in clear text? As good as Google is in certain areas, they're absolutely horrid when it comes to basic security measures.

Re:Definitely overblown (1)

kcurrie (4116) | more than 7 years ago | (#19360927)

> Don't be daft, SSL was created to prevent exactly these attacks, so why isn't it being used?

Because it takes lotsa CPU or dedicated SSL engines to encrypt that many connections.

Re:Definitely overblown (1)

Shippy (123643) | more than 7 years ago | (#19360955)

I think they have enough money to take care of that.

Re:Definitely overblown (1)

trifish (826353) | more than 7 years ago | (#19361731)

SSL was created to prevent exactly these attacks, so why isn't it being used?

Easy one. Because the overall CPU load in the data centers goes up dramatically.

Re:A little over blown perhaps? (3, Informative)

qbwiz (87077) | more than 7 years ago | (#19359081)

I think that ActiveX components are signed/named, so there wouldn't be as much of a problem with them. Don't quote me on that, though.

edi3k (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19358427)

other Members 1n

Disable Indexing of Executables? (3, Informative)

crymeph0 (682581) | more than 7 years ago | (#19358463)

How does one stop Google desktop from indexing executables? When I open the Google Desktop preferences, exe files aren't even listed as something I can index, but search for an executable like hypertrm.exe on Google desktop, and it shows up anyway, which is the 'meat' of this vulnerability.

Google size issues (3, Interesting)

ushering05401 (1086795) | more than 7 years ago | (#19358469)

Anyone want to bet that this is the beginning of a little landslide?

I wish the Google team all the best in dealing with this issue... but I am scratching my head at the speed with which they are attempting to diversify their offerings.

Google did not become a dominant force overnight. They fought battles, learned lessons, and refined/defined search capabilities for the entire world. Why have they been shooting off in a dozen different directions? Is there any way that even they can stay on top of all the little details considering the number of immature products they are floating?

Anyhow, the next couple of days will go a long way towards showing exactly how far the Google team needs to go before I trust them on my desktop. Here's hoping they prove to have the response time/customer centric attitude that made them my preferred search provider.

Regards.

Re:Google size issues (0)

Anonymous Coward | more than 7 years ago | (#19358585)

I'll take that bet. You don't think the hundreds of smart people at Google won't fix this in no time flat? They will also learn from this, and continue to improve.

like they just "improved" news? (0)

Anonymous Coward | more than 7 years ago | (#19360067)

Now you are forced to run JS to get all the "news" features, and running a search takes you to a blank query screen instead of parsing your web search terms into automagically a news search when you mash the "news" button.

Seriously borked and lame. They call it an improvement, I call it they just doubled the complexity of a simple search for no apparent reason other than they could and have a boner now for "everything JS" (or even worse, Flash) like so many other web developer dweebs

Hell, it's working good but we have to justify our jobs! Let's type some crap up and make it more stupid and complicated! yaaaa! Pass another can of red bull!

PhDs = piled higher and deeper sometimes. Or walk !chewgum

Thought is not enough (5, Insightful)

The Clockwork Troll (655321) | more than 7 years ago | (#19358519)

This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model.

"Tremendous thought" is a weaker notion than transparency, public scrutiny, or even rigorous proof, which are really what's required.

Everything else is just hope; hide and seek.

Hopefully Google can learn and set an example here.

installers (5, Insightful)

ruffles321 (1023357) | more than 7 years ago | (#19358537)

this is even more of a problem since more and more installers like Irfanview's or Adobe's include Google Desktop (and/or toolbar) and there is no way to skip them when doing automated installs... what a sick trend.

Re:installers (1)

lejerdemayn (823082) | more than 7 years ago | (#19359347)

erm, when I installed Irfanview I had the option of not installing google desktop

Re:installers (1)

ruffles321 (1023357) | more than 7 years ago | (#19359447)

how about when your installing it silently with switches on 100 machines? no switch for "skip google".

Re:installers (1)

cerberusss (660701) | more than 7 years ago | (#19361447)

This is indeed really sick. Have you contacted the guy who created IrfanView?

Re:installers (1)

ruffles321 (1023357) | more than 7 years ago | (#19361903)

Google's apps are making their way into more and more installers, so I think better way would be adding a switch to the installer. Like "No, I don't want anything except the main app" and that's not Irfanview author's job.

FUD (1, Troll)

umbrellasd (876984) | more than 7 years ago | (#19358635)

'This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executables on their site, it can be subverted by an attacker," Hansen warns.

This guy is probably funded by M$. I mean, come on. Hello, Mr. FUD. You want to see dangerous deep integration? Internet Explorer. Durr. I have a news flash for this genius. Pretty much nothing is a good idea without giving careful consideration to security. Things like: installing software on your computer (any software), clicking on links in a browser, typing text into your computer, saving files to disk, taking a dump. Yep, pretty much all of them are potentially dangerous.

Web-desktop integration is already here and it isn't going anywhere. It's a perfectly good idea, not a bad one. And because it's a good idea and because it involves your data, it's also a good idea to address security concerns. That is the fair and unbiased statement.

FUD FUD FUD (2, Informative)

sid0 (1062444) | more than 7 years ago | (#19360003)

You want to see sandboxing? IE on Vista. Durr.

Did the industry learn nothing? (3, Insightful)

TheNetAvenger (624455) | more than 7 years ago | (#19358667)

Did the industry and Google learn nothing from the mistakes Microsoft made?

Even MS has done a 180 and with Vista broke all the internal/external links that made XP/ActiveX/IE such a mess. So if MS is smart enough to learn from their mistakes you would thing a company like Google would not go out of their way to emulate the same bad security ideas.

Is it just me, or is Google racing to be the next big evil? Gmail scanning, search data compiling, Firefox reporting, desktop document reporting, and now making really stupid software design decisions?

Re:Did the industry learn nothing? (4, Insightful)

LO0G (606364) | more than 7 years ago | (#19359089)

The problem is that for some people, functionality trumps security every time. It's unfortunate, but true.

Sometime around 2002ish, Microsoft learned (the hard way) that functionality can NEVER trump security, and they've spent the better part of the past 5 years working on fixing the mistakes they made back in the 1990s (when functionality trumped security). You can see the fruits of that in their most recent offerings (IIS6 has had no exploitable holes in the 4 years it's been available, Vista, for all of its compatibility problems has already been shown to be dramatically better than XP was security-wise).

Until all the vendors "get it" and realize that security should win, stuff like this is going to continue to happen.

Re:Did the industry learn nothing? (0)

Anonymous Coward | more than 7 years ago | (#19359223)

Seems like for *all* users, functionality trumps security. Otherwise, we wouldn't own computers, and we certainly wouldn't connect them to the Internet.

Hanging your guts out (3, Interesting)

Colin Smith (2679) | more than 7 years ago | (#19358725)

It's the phrase which springs to mind with "web 2.0" applications. You have an exposed API on both sides, the client and the server.
 

business as usual (3, Interesting)

siddesu (698447) | more than 7 years ago | (#19358873)

installing third-party applications that connect to someplace, download something, and do something on on your machine, and being exposed when those applications are shown to have bugs is news how?

the google engineers aren't magicians. when they develop features, they do so under tight schedule, and make mistakes, especially those hired to code (as opposed to do PR). the only reason there haven't been more problems discovered is likely the fact that they don't distribute much software.

besides, google's main goal isn't promoting security. their primary goal is to hookup lotsa people -- and in their case, that means to deliver applications with lotsa features quickly, because people are hooked on the features, the competition ain't sleeping, and that first-comer advantage matters.

does that remind you of another company? it should, because all of them successful companies ain't that much different at all ;)

A little more encryption? (3, Informative)

isnoop (239143) | more than 7 years ago | (#19358925)

Google is nice enough to offer SSL for most of its services these days. It would make a lot of sense for them to round out their secure offerings with an SSL search as well.

Right now, any request to an encrypted Google search URL redirects you to www.google.com.

Who is this man!? (1)

termigan (118387) | more than 7 years ago | (#19359563)

Just how prevalent are these men who are in the middle? I've yet to hear about an actual attacker using this strategy. Is that because the middle men are pretty much undetectable and many compromises happen without the user noticing that he didn't do anything 'wrong?' The crackers seem to have an easy enough time phishing their way into your data or doing social engineering to land an executable on your machine. It seems like it's much harder to set yourself up as this man in the middle than it is to find exploits or engineer your way in. No amount of SSL will save users from sending data to the bad guys by impersonation. Once a cracker finds his exploit and has landed code or a file in an arbitrary location on your machine, you're compromised, and the gig is up for the user. Even SSL is vulnerable, since it is so inconvenient, nay, near impossible to run many programs as a limited user under XP. Maybe Vista makes progress, maybe the user clicks so often that he gets duped into nullifying this "security."

That said, I think a browser actually accessing non-"browser system" files on your disk without a warning of some kind is a bad idea. Clicking on links is exploit sensitive, sure, but why make being a man in the middle more than a data collecting trick?

Re:Who is this man!? (0)

Anonymous Coward | more than 7 years ago | (#19362693)

No amount of SSL will save users from sending data to the bad guys by impersonation.

SSL will detect a man in the middle situation if you have the public key of the intended target stored(which you generally will if you've visited the site before). Of course, the user is generally given the option to override the old key and accept the new one(the impersonator's key), but strict security settings could probably prevent this and a careful user obviously wouldn't.

The only secure computer (0, Offtopic)

pair-a-noyd (594371) | more than 7 years ago | (#19359593)

is a disconnected computer.

This mad rush to put everything online is, well, mad..

Is it just me (0, Flamebait)

Deliveranc3 (629997) | more than 7 years ago | (#19359965)

Robert Hansen

Major U.S. software companies should really consider nuking Scandinavia?

how about (1)

ScottyMcScott (1003155) | more than 7 years ago | (#19361323)

a windows based google OS. Whatttttt? stop looking at me like that.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?