May 31, 2007

Gearing up with Google

Google has released its Google Gears project to the public. At first glance it seems like a pretty cool and interesting tool to play around with. It improves performance by limiting redundant traffic, allows offline browsing... pardon, searching, etc. On the other side, it's interesting to see how they manage to handle the local caching of data from a security stand point. From an attacker's perspective, Google Gears could become a sweet tool to actually steal not only users' identities (i.e. identity fraud), but also steal their online identities by abusing common web vulnerabilities such as XSS to potentially retrieve personal data that has been previously cached locally by Google Gears. It's definitely something to look into at some point.

No comments: