Ask.com Toolbar Reportedly Prone To Vulnerability
September 26, 2007
Flaw would potentially allow hackers to remotely control computers belonging to other users
According to a report from the IDG News Service, a fatal flaw has been discovered in the Ask.com toolbar that could potentially allow someone to take control of another person’s computer. The problem lies in what IDG describes as a “buffer overflow flaw in the toolbar, involving an ActiveX advisory, posted by security vendor Secunia APS.” The report describes the problem as “highly severe,” affecting the 4.0.2 version of the Ask.com toolbar and potentially other versions as well.
The toolbar is located below the address bar and allows users to access weather forecast information, stock quotes, as well as search another person’s desktop and Internet browsing history.
WabiSabi Labi Ltd, a Swiss company specializing in the selling of vulnerability related information, is currently auctioning the toolbar problem online, with a minimum set at $705.
This auction has been criticized by many security analysts, who believe that software companies should be notified of vulnerabilities and flaws in a discreet, confidential matter and be given time to fix said errors before putting users in danger.
Software engineers, according to these analysts, should be rewarded, not criticized publicly via the Internet, for their work.