pentachris
12-21-2004, 01:57 PM
I've never thought this software was a good idea; the security hole doesn't surprise me in the least. -Chris
http://www.newscientist.com/article.ns?id=dn6821
A flaw in Google's desktop search program was revealed on Monday by a team of computer researchers. They showed it could be used to capture valuable personal information from a remote user's computer.
Google Desktop Search (GDS) lets users quickly hunt for files and documents stored on their computer using a web browser. After installation, the program runs in the background - indexing documents, emails, instant messaging conversations and web browser history - so that searches bring up results almost instantly.
.....
By analysing packets of information sent across a network, the team realised they could fool the application into handing over desktop search results to a remote user via the internet.
.....
The trick is more a proof of concept than a real threat as Google was notified of the vulnerability in November and began updating desktop programs remotely on 10 December. The company said in a statement that it had "since fixed the problem so that all current and future users are secure".
Bruce Schneier, a US computer security expert, said the flaw is potentially serious but no different to those found in many different applications every day. "Like any piece of commercial software, it's huge and complex," he told New Scientist.
http://www.newscientist.com/article.ns?id=dn6821
A flaw in Google's desktop search program was revealed on Monday by a team of computer researchers. They showed it could be used to capture valuable personal information from a remote user's computer.
Google Desktop Search (GDS) lets users quickly hunt for files and documents stored on their computer using a web browser. After installation, the program runs in the background - indexing documents, emails, instant messaging conversations and web browser history - so that searches bring up results almost instantly.
.....
By analysing packets of information sent across a network, the team realised they could fool the application into handing over desktop search results to a remote user via the internet.
.....
The trick is more a proof of concept than a real threat as Google was notified of the vulnerability in November and began updating desktop programs remotely on 10 December. The company said in a statement that it had "since fixed the problem so that all current and future users are secure".
Bruce Schneier, a US computer security expert, said the flaw is potentially serious but no different to those found in many different applications every day. "Like any piece of commercial software, it's huge and complex," he told New Scientist.