Google's desktop search application is vulnerable to an exploit that allows a determined attacker to remotely run most programs installed on a victim's machine. The flaw is one of at least four security holes to visit Google this past week, demonstrating that the search king, despite the god-like aura it enjoys for its pleasing …
Security? We don't need no security!
Imagine you're the CEO of a Web 2.0 startup working on the Next Big Thing. Your product is ready for release, but you have the choice of paying a security team a lot of money to spend 3 months kicking the tyres to find (most of) the security holes. You're going to pay the money and hold off, aren't you, since security is "Job #1"? Yeah, right!
Users can't see security - except when it gets in the way or (ultimately) when it fails. And first to market trumps other concerns.
Wrapping insecure code with endless layers of sticking-plaster patches doesn't work and only introduces more holes. The only way to get a truly secure product is to design security in from the ground up. But that's tough to do, adds costs, diminishes the user experience and (worst of all) delays development. And that's why we have insecure software and (until something changes fundamentally) always will have.
Blue Skies .......... Joust Thinking.
"The only way to get a truly secure product is to design security in from the ground up."
Actually, in the Next Big Thing, insecurity is designed out to get a truly secure product. IT is AI Way.
From http://noscript.net/features#xss :
"While Cross-Site Scripting (XSS) vulnerabilities need to be fixed by the web developers, users can finally do something to protect themselves:
NoScript is the only effective defense available to "web-consumers", waiting for "web-providers" to clean up their mess."
This GMail XSS flaw is just the tip of an iceberg; check http://xssed.org/pagerank