It's nice to see Microsoft and Google's respective technologies working in tandem - but not so nice to see it used to expose data on your own hard disk to a malicious website operator.Security researcher Matan Gillon has published a proof-of-concept flaw that exploits Google Desktop, the search software that runs on a local PC, and Internet Explorer 6.Right away a wave of disappointment ran through me. I couldn't believe that Google would pull a 'MS' and release something resembling something more like a slice of swiss cheese than a good piece of software. In their quest for Internet domination could Google be rushing their products out the door? It's something that bugs me more than anything else about the big companies.Well, the next paragraph, which I should add, is after an advertisement that pushes it down off the screen, brings the whole situation into the light.
The principal culprit, once again, is Microsoft's lax and inconsistent implementation of Cascading Style Sheets (CSS) in Internet Explorer. A web site can inject code into a page which allows it to execute on a remote machine.
Did I not just complain for a few straight days about MS and their support for CSS? Of course I did. Google, on the other hand, can't be left blameless in this situation. Their careless programming left this security hole wide open. I know they can't be expected to test every single piece of software from other companies to insure that it will work flawlessly with their own product, but this is Microsoft IE. It's not a small name product with little or no marketshare. Millions use IE, which means Google should have done more thorough testing to ensure a safe surfing experience from their Google Bar.
No comments:
Post a Comment