ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Google: We've fixed desktop search tool flaw

Dan Ilett and Graeme Wearden ZDNet.co.uk

Published: 20 Dec 2004 13:05 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Google has fixed a flaw that allowed hackers to search the contents of a PC running its desktop search tool.

According to a statement from the Web search company on Monday, it has rolled out a fix for the vulnerability that a US computer scientist and two of his students found in the tool in late November.

"We were made aware of this vulnerability with the Google Desktop Search software and have since fixed the problem so that all current and future users are secure," said a Google spokeswoman.

Dan Wallach, an assistant professor of computer science at Rice University, discovered the vulnerability while working with graduate students Seth Fogarty and Seth Nielson. Wallach describes it as a composition flaw -- where a security weakness is caused by the interaction of several separate components.

According to The New York Times , which first reported the discovery of the vulnerability, Wallach, Fogarty and Nielson found that the Google desktop tool looks for traffic that appears to be going to Google.com and then inserts results from a user's hard disk for a particular search.

They managed to trick the Google desktop search program into inserting those results into other Web pages where an attacker could read them. This would only work after a user had visited an attacker's Web site, upon which a Java program (as created by the Rice group) would be able to fool the Google desktop software into providing the user's search information. The program was able to do anything with the results, including transmitting them back to the attacking site.

The disclosure of this flaw comes just days after analyst firm Gartner warned businesses to steer clear of Google's desktop search tool until a more robust, enterprise-ready version is released.

Security experts have also warned that virus writers could use desktop search tools to make their malware more efficient.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
62 out of 131 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

2 comments

  1. Still prefer Copernic Desktop Search. Matt
  2. thats great for them.. i doubt ill be using it any... tuxpixie

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

Chinese Web Portal Manager

Graduate Opportunities in Technology

Internet Operations Analysts

Sentry Posts Blog

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers