Google Desktop vulnerable to attack
Although rare, a sophisticated attacker could perform a man-in-the-middle attack using Google Desktop.
Security researcher Robert Hansen, aka RSnake, has published details of a new attack on Google Desktop. Basically, Hansen found a man-in-the-middle attack, this time placing an attacker between Google and someone launching a desktop search query. From this position, the attacker is able to manipulate the search results and possibly take control of other programs on the desktop.
Hansen writes: "This should drive home the point that deep integration between the desktop and the Web is not a good idea" since Google's site is unencrypted and therefore can be subverted by an attacker. But Hansen notes there are two caveats here: one, you need to have Google Desktop installed, and two, the attacker must be sophisticated enough to launch a man-in-the-middle attack upon you.
To illustrate the attack, Hansen provided an online video demonstration.