Blog
May 3, 2010
Malicious Google Gadgets in Action
Malicious Google Gadgets in Action Video – by Offensive Security
1 min read
A new report by emgent shows malicious Google Gadgets in action. The real vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization.
The attack variant shown in the movie can be altered to steal cookies, run arbitrary JavaScript on victim machines, and could be further weaponized to create Malicious Google Gadget worms.
When researching this topic, we found references to similar vulnerabilities which date back to 2007, reported by Tom Stracener and Robert Hansen.
Although the Google infrastructure has changed since 2007, it seems that this new variant of attack is still possible. Emgent’s email to Google over a month ago was unanswered. The solution ? Extra vigilance on your side. Check our demo movie.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
OffSec News
Evolve APAC 2024: Key Insights
Discover key insights from Evolve APAC 2024 on building skills, career growth, and tackling cybersecurity challenges with expert advice.
Nov 21, 2024
8 min read
Enterprise Security
How to Use Assessments for a Skills Gap Analysis
Discover how OffSec’s Learning Paths help organizations perform skills gap analyses, validate expertise, and strengthen cybersecurity teams.
Nov 19, 2024
4 min read
Enterprise Security
The Human Side of Incident Response
Effective incident response requires decision-making, adaptability, collaboration, stress management, and a commitment to continuous learning.
Nov 8, 2024
5 min read