On 12/13/2009 10:01 PM, Edward Ned Harvey wrote:
> Uggh.
> 
> So if you go to http://pack.google.com
> 
> It’s a site that suggests which google products you might want to
> download, and creates a bundled download to grab them all at once.
> 
>  
> 
> The creepy part is:  Just by going to that site, it shows you a list of
> possible options, and says “You already have the following ones.”

Same way any online application checks to see if a plugin is installed.
 The browser tells your browser to load a GUID, if that GUID isn't
found, the plugin isn't loaded.  When it's not loaded, it usually
triggers a secondary part to run the installer for that plugin.  Flash,
AIR, etc, all behave in the same fashion.

> This page does not use ClickOnce.  So how can they tell what programs I
> have installed on my laptop, just by viewing their webpage?

There's actually 2 possibilities looking at the code.  The first is they
use the above, and trigger the downloader to launch some Ajax to update
the screen... the second is some home grown JS, and components.

View source on the page, and you'll see this:

new _CI_Application('Adobe Reader',
'Adobe Reader',
'93613D9F-C440-475B-8379-E7B7E37DAAB7',
'View, print, and search PDF files via a redesigned interface',
'Secure your documents and collaborate via online, real-time meetings',
'http://www.adobe.com/misc/privacy.html',
'http://www.adobe.com/products/acrobat/readermain.html',
'2.0.773.32337',
'5.1',
'6.1',
false,
true,
new Array(),
''),

Doing a quick registry search for the GUID above (9361...) it drops
right into the Google Updater application section.  This, to me, hints
that their JavaScript is launching their own "Updater" application that
Google installs to check which applications you have installed.  This
is relatively easy.

Again, this falls into the realm of trusted applications (you could do
the same with Flash), and triggering objects from the browser.  Easily
done with <object> tags, and knowing the GUID.

If you're bored, you can try reading the JS in
http://pack.google.com/cominst.js?2.  Looks like they've used a JS
compressor on it, but still just readable.

Not so scary if you've installed the application yourself, and you trust
them... Do you trust Google? :)

-- 
Jon Angliss
<j...@netdork.net>
_______________________________________________
Discuss mailing list
Discuss@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
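
Added example (not part of the original message and not Google's code): a small Node.js script that pulls the application name and GUID out of each `_CI_Application(...)` entry in a saved copy of the page source, giving the list of GUIDs to search the registry for. The function names and the second sample entry are made up for illustration; it takes the first quoted argument as the name and assumes nothing about what the other fields mean.

```javascript
const GUID_RE = /^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$/;

// Split the argument list that begins at `start` (just past the opening paren)
// into top-level arguments, honouring quotes, escapes and nested parens.
function splitArgs(src, start) {
  const args = [];
  let cur = '', depth = 0, quote = null;
  for (let i = start; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      cur += ch;
      if (ch === '\\') cur += src[++i] ?? '';   // keep the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === "'" || ch === '"') { quote = ch; cur += ch; }
    else if (ch === '(') { depth++; cur += ch; }
    else if (ch === ')') {
      if (depth === 0) { args.push(cur.trim()); return args; }
      depth--; cur += ch;
    } else if (ch === ',' && depth === 0) { args.push(cur.trim()); cur = ''; }
    else cur += ch;
  }
  return null; // call never closed: treat as unparseable
}

// Return the contents of a quoted string literal, or null for non-strings.
function unquote(arg) {
  const m = /^(['"])([\s\S]*)\1$/.exec(arg);
  return m ? m[2].replace(/\\(.)/g, '$1') : null;
}

// List { name, guid } for every _CI_Application(...) entry in the source.
function listProbedApps(src) {
  const marker = 'new _CI_Application(';
  const apps = [];
  for (let at = src.indexOf(marker); at !== -1; at = src.indexOf(marker, at + 1)) {
    const args = splitArgs(src, at + marker.length);
    if (!args) continue;
    const strings = args.map(unquote).filter(s => s !== null);
    const guid = strings.find(s => GUID_RE.test(s));
    if (guid) apps.push({ name: strings[0], guid: guid.toUpperCase() });
  }
  return apps;
}

// Sample: first entry shortened from the excerpt above, second one constructed.
const sample = String.raw`new _CI_Application('Adobe Reader', 'Adobe Reader',
'93613D9F-C440-475B-8379-E7B7E37DAAB7', 'View, print, and search PDF files', new Array(), ''),
new _CI_Application('Example App', 'It\'s a test, (constructed)',
'00000000-0000-0000-0000-000000000000', false, new Array(), '')`;
console.log(listProbedApps(sample));
```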