It was recently discovered by Watchfire that those who use Google Desktop are prone to having their data stolen if they are using old versions of the program. Unfortunately, with the huge phenomenon that is Google, I have a feeling that hackers and the like will be taking full advantage of this vulnerability for quite some time.

Security firm Watchfire warned Google Desktop users on Wednesday to update the program to make certain that they are protected from a vulnerability that could allow an attacker to use JavaScript to search for and steal specific data on a user’s system.

he attack, outlined in a paper (PDF) released by the firm, uses a cross-site scripting (XSS) flaw in the Google Desktop application in conjunction with any other XSS flaw in the Google.com domain to install malicious JavaScript on the user’s computer. Using the technique, an attacker could create a JavaScript program that Google Desktop repeatedly runs, allowing the attacker to search a victim’s computer using terms most likely to dredge up interesting data.[more]

Tags: Identity Theft