From gadgets that slide-show pictures of vacations past to calendars that show events in the future, Google Gadgets look cool. But they also have the potential to contain vulnerabilities like anything else within Web 2.0.
By design, Google Gadgets allow scripted code to be uploaded by the end user, creating interesting new attack vectors for those with malicious intent.
CNET's Robert Vamosi talked with Robert Hansen (aka Rsnake), chief executive of SecTheory, and Tom Stracener (aka Strace) of Cenzic. Both will be presenting a talk called "Xploiting Google Gadgets: Gmalware and Beyond" at the annual Black Hat conference in Las Vegas next week.
During the talk, they plan to disclose a zero-day vulnerability in Google Gadgets that will make Gmalware (Gmodules-based malware) a significant threat.
Listen now: Download today's podcast