| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Mar 2007 00:18:35 +0530 From: "Debasis Mohanty" <debasis.mohanty.listmails@...il.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Fix Update: Disable Google Desktop Link Integration with IE & FireFox Thanks to all those who sent their few lines of appreciations or good words after the first release of this fix details. Many requested offlist and onlist to put some info for disabling the GDS *desktop* link for FireFox. However, being a bit lazy guy ;) I delayed the response for such long time. After doing few minutes of study, I figured out disabling the GDS desktop link in FireFox is far simpler compared to IE. Here are few updates made to the present release - - [Section 2.a] Added section for identifying components responsible for GDS desktop link integration with FireFox - [Section 3] Two more methods to fix are added under the "Permanent Fix Details". - [Section 4] Added fix details for FireFox Disabling GDS Desktop Link Integration in Google Pages Download Link - http://hackingspirits.com/vuln-rnd/vuln-rnd.html Regards, -d -----Original Message----- From: Debasis Mohanty [mailto:debasis.mohanty.listmails@...il.com] Sent: Tuesday, February 27, 2007 11:17 PM To: websecurity@...appsec.org Subject: [WEB SECURITY] Disabling Google Desktop Link Integration In Google Pages GDS Desktop Link and Google.com Integration - Bad Design or Necessary Evil? The recent security advisory on Google Desktop Search (GDS) published by Watchfire did not really surprised me as I was expecting more like this in past 2 years. However, the fact that intrigued me to write this article is Google has not yet bothered to provide it's GDS tool users the option to disable GDS desktop link regardless of knowing this design will attract more attacks in future as well. In this article, I'll discuss a bit about why the GDS issues revolves primarily around the GDS Desktop link and how one can fix it permanently by disabling it which will ensure that users can still use GDS without the fear against exploits that are targeted towards the desktop link. Get the entire article here - Disabling GDS Desktop Link Integration in Google Pages http://hackingspirits.com/vuln-rnd/vuln-rnd.html Regards, -d (aka T) ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists