A quick post on those cool little gadgets for iGoogle. 2 security consultant from SecTheory demonstrated such an attack at the Black Hat hackers conference in Las Vegas. They broke into a web browser and read all the personal searches in real time. Gadgets that store personal info are the most at risk of course.
Google says that it scans all the gadgets regularly for malicious code, ones containing malicious code are immediately blacklisted.
They say also that since November 2007 no new “inline” gadgets are accepted because they store personal information.
Companies are always making gadgets to promote their company like adding a route planner application for example for users to include on their page. This means that users are more likely to go to that site for services such as buying car insurance or something. If users start to mistrust the gadgets, then these will be useless.
I guess not allowing personal information to be stored is a good way of averting these particular hacks but there are plenty of other malicious hacks that will surface I’m sure. It’s not just Google who is faced with this problem but also sites like Facebook for example.