[buug] Gears or no Gears?

Pewter Bot pewterbot9 at gmail.com
Tue May 19 12:52:51 PDT 2009


On Mon, 18 May 2009 Rick Moen <rick at linuxmafia.com> posted:

{{ You'll really need to read Wordpress's docs about _how_ they use the
Gears interfaces, to judge that for yourself. }}

They're not very helpful; no discussion of possible down sides to
using Gears. My concern is how secure an interface they use, or would
my system become compromised/vulnerable.

A web search for "google gears security privacy issues" came up with
the answers I seek (and after reading these pages, I've decided to do
w/o the Gears).

Google Gears: Initial Thoughts on Security Implications
http://www.oreillynet.com/onlamp/blog/2007/06/google_gears_initial_thoughts.html

--quote:
I like the concept of Google Gears. I think it’s a great idea. Just
like everything in life, the increased functionality it provides is
not without increased risk. If I had to pick from the list above, I’d
guess that we are most likely to hear of existing XSS or browser
vulnerabilities being abused to steal (or manipulate) Gears databases.
--end quote

Google Gears and Security concerns
http://www.anishshaikh.com/2008/04/google-gears-and-security-concerns.html

--quoting aspects of possible intrusion:
DNS spoofing or /etc/hosts file...SQL Injection...Cross site
scripting...Security of Data files...Memory usage...Encryption...Good
news for Forensics Investigators...New Attack
avenues...Malware...Worker Process Abuse...You cannot password protect
your files when they are offline like in Microsoft Office.
--end quote

Is it OK for Google to Own Us?
http://www.eweek.com/c/a/Security/Is-it-OK-for-Google-to-Own-Us/

--quote:
The services at issue at some point will likely include Google Gears,
now in beta, an open-source browser extension that uses JavaScript
APIs to allow users to work on Web applications when they're offline.
--end quote

Is Google Gears Safe?
http://www.theregister.co.uk/2008/04/02/security_google_gears/

--quote:
Bottom line: Gears is probably fairly safe, provided that the site
really is trustworthy, but it is a beta and the usual caveats apply.
Check that URL carefully. Avoid Gears when used by smaller
organizations that might not have sites well defended against malware.
I still don't like the dialog though; and I'm surprised that Google
does not make it easier for users to examine the security issues.
--end quote

NO GEARS FOR ME!

-- 
Zekeopolis Headquarters
http://ezekielk.tblog.com



