Code injection intrusion attempt triggered by Google Desktop Action
Hi James,
Thanks for replying to me by email to my question about “code injection intrusion attempt alert when using Google Desktop” (SPF Ticket #001-00-266757). This was occurring when, after a desktop search, I clicked on the file to open it. Thanks for the tips on how to make an exception for googledesktop.exe so as to allow code injections and buffer overflows.
My question, James, is not whether I can make an exception, but should I make an exception for googledesktop.exe? What concerns me are issues like Google’s “single sign on” (SSO). Mike Howard (Kim Cameron on GOOGs single sign on design vulnerability) has written about this. So has Kirk Cameron (Hole in Google SSO service). Supposedly, Google fixed this bug in September according to ZDNet (Google closes hole in Single Sign-On service).
As a skeptic and cynic (and mildly paranoid), I hesitate to make an exception. I denied each attempt and still had access to the file. So I was happy. I still don’t understand the injection attempt and thus hesitate to make an exception. It may be perfectly ok for all I know; but then again, it may be perfectly exploitable. I don’t know.
Take care,
--jerry
-
Jerry, please contact us directly at support@sunbeltsoftware.com and we will be able to assist you.
-
Hi Peter,
Sorry, I misread the intrusion dialog.
Here is what happens. I open Google Desktop. I search for George Carlin Quotes. GD finds a text file, amongst other results. I click on the link to the text file. Voila, an intrusion alert dialog. Also, the text file opens.
Here is what the intrusion dialog says.
Technical details about the intrusion attempt:
Injector application: <unknown>
Description: <unknown>
File version:
Product name:
Product version:
Created: N/A
Modified: N/A
Accessed: N/A
Target application: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
Description: Google Desktop
File version: 5.8.809.23506
Product name: Google Desktop
Product version: 5.8.809.23506
Created: 2007/3/30, 11:01:06
Modified: 2008/12/24, 00:53:30
Accessed: 2009/1/30, 04:39:47
Address of injection: 0x7C80AEDB
Questions. What app is causing the injection? Is this an issue with SPF (4.5.916) and an inability to monitor the Windows kernel? Can this possibly be a rootkit at work? I don’t know.
Thanks for your help.
Take care,
--Jerry
-
It might be another security software that is causing that, since normally the only things that will show up as unknown in there are other security software that have features to hide themselves from other running processes.
Check your other security software and see if they have any type of self-protection or hiding options. Once you disable that, you can then see what application is doing the injecting, and create an exception for it.


