lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 24 Mar 2007 00:18:35 +0530
From: "Debasis Mohanty" <debasis.mohanty.listmails@...il.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Fix Update: Disable Google Desktop Link
	Integration with IE & FireFox

Thanks to all those who sent their few lines of appreciations or good words
after the first release of this fix details. 

Many requested offlist and onlist to put some info for disabling the GDS
*desktop* link for FireFox. However, being a bit lazy guy ;) I delayed the
response for such long time. After doing few minutes of study, I figured out
disabling the GDS desktop link in FireFox is far simpler compared to IE. 

Here are few updates made to the present release - 

- [Section 2.a] Added section for identifying components responsible for
GDS desktop link integration with FireFox

- [Section 3] Two more methods to fix are added under the "Permanent
Fix Details".

- [Section 4] Added fix details for FireFox


Disabling GDS Desktop Link Integration in Google Pages
Download Link - http://hackingspirits.com/vuln-rnd/vuln-rnd.html

Regards,
-d

-----Original Message-----
From: Debasis Mohanty [mailto:debasis.mohanty.listmails@...il.com] 
Sent: Tuesday, February 27, 2007 11:17 PM
To: websecurity@...appsec.org
Subject: [WEB SECURITY] Disabling Google Desktop Link Integration In Google
Pages

GDS Desktop Link and Google.com Integration -
Bad Design or Necessary Evil?

The recent security advisory on Google Desktop Search (GDS) published by
Watchfire did not really surprised me as I was expecting more like this in
past 2 years. However, the fact that intrigued me to write this article is
Google has not yet bothered to provide it's GDS tool users the option to
disable GDS desktop link regardless of knowing this design will attract more
attacks in future as well. 

In this article, I'll discuss a bit about why the GDS issues revolves
primarily around the GDS Desktop link and how one can fix it permanently by
disabling it which will ensure that users can still use GDS without the fear
against exploits that are targeted towards the desktop link. 

Get the entire article here - 

Disabling GDS Desktop Link Integration in Google Pages
http://hackingspirits.com/vuln-rnd/vuln-rnd.html



Regards,
-d (aka T)




----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists