Google's desktop search application is vulnerable to an exploit that allows a determined attacker to remotely run most programs installed on a victim's machine. The flaw is one of at least four security holes to visit Google this past week, demonstrating that the search king, despite the god-like aura it enjoys for its pleasing …
Security? We don't need no security!
Imagine you're the CEO of a Web 2.0 startup working on the Next Big Thing. Your product is ready for release, but you have the choice of paying a security team a lot of money to spend 3 months kicking the tyres to find (most of) the security holes. You're going to pay the money and hold off aren't you, since security is "Job #1"? Yeah, right!
Users can't see security - except when it gets in the way or (ultimately) when it fails. And first to market trumps other concerns.
Wrapping insecure code with endless layers of sticking-plaster patches doesn't work and only introduces more holes. The only way to get a truly secure product is to design security in from the ground up. But that's tough to do, adds costs, diminishes the user experience and (worst of all) delays development. And that's why we have insecure software and (until something changes fundamentally) always will have.
Blue Skies .......... Joust Thinking.
"The only way to get a truly secure product is to design security in from the ground up."
Actually, in the Next Big Thing, insecurity is designed out to get a truly secure product. IT is AI Way.
From http://noscript.net/features#xss :
"While Cross-Site Scripting (XSS) vulnerabilities need to be fixed by the web developers, users can finally do something to protect themselves:
NoScript is the only effective defense available to "web-consumers", waiting for "web-providers" to clean up their mess."
This GMail XSS flaw is just the tip of an iceberg, check http://xssed.org/pagerank
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Antique Code Show World of Warcraft then and now: From Orcs and Humans to Warlords of Draenor
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...