Earlier today, Google announced a number of new technologies as part of their Google Inside Search Launch (http://www.google.com/insidesearch/). One of the more interesting is their idea to speed up the Web with something called “Instant Pages.” The basic idea is that they are taking their ability to correctly guess what a user is going to search on, and pre-loading the content from the origin server onto your local machine. Apparently, this only works with the Chrome browser.
This leads to some interesting exploit scenarios. In the past, search algorithms have been duped to have malicious pages show up in results. In those cases, although they are dangerous, the user still has to click on one of the top results to get infected. In the new scenario, the big question is if a user can be exploited by simply searching, without even clicking on a link.
In slightly related news, Google also announced voice recognition to search. It will be interesting to see how/if the rogue AV camps will also be utilizing this to their advantage in the future.
Leave a reply