A proof of concept is being circulated showing how an attacker could exploit Google Desktop to launch software on a victim's computer.
Google hacker Robert Hansen posted the Google Desktop proof of concept at his ha.ckers.org blog. The exploit is not easy for an attacker and it cannot be used to install software on a victim's machine, but it is an example of Web-based application vulnerabilities, Hansen, CEO of security consultancy SecTheory.com, said. An attacker can use a wireless hotspot and wait for a victim with Google Desktop installed, Hansen said.
"It could be done as a prank or something malicious," Hansen said at the Ha.ckers.org site. "The point being these types of deep integration between the web and client side applications is really dangerous and breaks the security models put in place by the browsers."
Hansen also posted a video of the Google proof of concept.
California legislators could strengthen data security breach law
Legislators in California are considering a bill that would strengthen current data security breach notification requirements in that state to enable consumers and businesses to seek reimbursement for a breach.
The bill is being sponsored by the California Credit Union League (CCUL). The state's current law requires retailers to take "reasonable steps" to destroy consumer data, such as credit and debit card numbers. If passed, the bill would ban merchants from storing payment-related data.
The bill also requires merchants to notify consumers of a breach, stating the type of data that was compromised and providing a toll-free number or email address that consumers can contact for more information.
Samba bug found in Mac OS X
The open-source file and print program Samba has a vulnerability that could be exploited in Mac OS X, according to an alert issued by Symantec.
Multiple heap-based buffer overflow flaws exist in Samba's handling of NDR RPC (remote procedure call) requests. The vulnerability affects Samba 3 versions prior to 3.0.25.
Mac OS X users should upgrade to the latest Samba version, 3.0.25. A workaround can also be performed by disabling the Windows Sharing service until Apple has an official update available, Symantec said.