Questions?email Derek Questions?email Avatar

iGoogle Gadgets called “very insecure” by Hackers at DEFCON

by Avatar Stumble this! August 10th 2008

image 

It looks like Hackers at this year DEFCON Hacker convention in Las Vegas want to make this year the best hacking convention yet by the exploits i have read about so far. Robert Hansen of SecTheory got one that affects a lot of Widgets Lab readers directly. a iGoogle breach that can be done with tainted iGoogle Gadgets. the exploits can go from regular phishing scams to ad aware, to malware, to virus routing, to identity theft and even up to the remote control of your computer depending the skill of the perpetrator.  this can be done by either tainting a good google gadget from where it is served by a third party iGoogle Gadget developer or by developing a tainted one by design downloaded from outside the iGoogle Gadget Gallery. even if it was in a unsuspicious and totally legit looking igoogle gadget site by a third party.

Obviously the second one would be the most dangerous one. and it is the one to watch out for and the one easily to avoid. by not downloading iGoogle Gadgets you haven’t  seen in a blog covering widgets  like Widgets Lab or that has not been covered by Google news official and unofficial but known channels.

The other one is the one to worry, because if it is a tainted Google Gadget from a known source or right from the iGoogle Gadget Gallery, then that is quite unavoidable and the only ones that can prevent such gadgets from affecting you is Google and legit iGoogle Gadget developers by improving their security and google by fixing the security of the platform.

The good news is. that Google says that they usually scan the iGoogle Gadgets Gallery Gadgets and that they rarely find anything at all. and that those that they find never make it to the iGoogle Gadget Gallery in the first place.  another thing is that if you got your computer protected or are one of vista users that run IE7 in protected mode.. you should also not be worried about it. if you are not well protected. then just don`t download stuff from shady or completely unknown websites and use official or unofficial but known download sites. as easy as that. this applies for everything.

Google “gadgets” called gateways for hackers   via the AFP on Yahoo! News

Get Widgets Lab by Email

subscribe

1 Comment »

  1. [...] public links >> igoogle iGoogle Gadgets called “very insecure” by Hackers at DEFCON Saved by mala1andeja on Tue 04-11-2008 Five Ways iGoogle Gadgets Can Help Your Online Marketing [...]

    Pingback by Recent Links Tagged With "igoogle" - JabberTags — 11-4-08 @ 7:19 pm

Receive IM, Email or Mobile alerts when new comments for this post appear.

RSS feed for comments on this post.
TrackBack URI

Leave a comment

(required)

(required...but never compromised)




Search for related information

Custom Search

Custom Search for Widgets Lab.com


Featured Widgets

Advertise Your Widget Here!

Widgets Lab at Blogged Blog Directory - Blogged

List of Widgets

Widgets Lab

Recent Posts

11.19 CinemaSlots widget
11.18 MyVGift.com Get FREE virtual gifts
11.17 AddToAny Stays Current As It Adds New Features
11.14 What Is Going On With Widgets Lab?
11.6 Korean Samsung T*Omnia SCH-M490 Not Only Got WM And TouchWIZ, It Is Also Incredible
11.6 Google Gadgets Adapted To Nokia Internet Tablet
11.6 RockYou Raises Another $17 Million In Funding From Softbank
11.6 Remember The Milk Gadget For Gmail
11.6 Gigya gets new CEO out of ValueClick
11.5 Blogrush Widget Closes Doors In Mystery
11.5 WidgetLaboratory Now In SocialGO
11.5 Skyfire Browser Beta 0.8 For Windows Mobile Now Open For All In The U.S.A
11.5 Google Toolbar Turns 8, IE Gets Update And It Includes More Gadgetry
11.4 Docstoc now lets you upload via email
11.4 Google Gadgets for Gmail


Widget Links


Copyright ©2007 Widgets Lab.com All rights reserved

Feed Shark
Clicky Web Analytics