Version: 2008
  • On CBS MoneyWatch: Best Colleges You've Never Heard Of
advertisementGet Smart about Business Spending

December 20, 2004 7:52 AM PST

Google: We've fixed desktop search tool flaw

By Dan Ilett
Special to CNET News.com

  • 2 comments
Related Stories

Gartner: Google desktop search not enterprise-ready

 December 14, 2004

MSN joins desktop search fray

 December 13, 2004

Can IBM be a Google for businesses?

 December 13, 2004

Search companies vie for the desktop

 December 10, 2004

Google unveils desktop search

 October 14, 2004
Google says it has fixed a flaw that could have allowed hackers to search the contents of PCs running the company's desktop search tool.

According to a statement issued Monday by the Web search company, it has rolled out a fix for the vulnerability. The flaw in the tool was discovered in late November by a Rice University computer scientist and two of his students.

A Google representative said, "We were made aware of this vulnerability with the Google Desktop Search software and have since fixed the problem so that all current and future users are secure."

Dan Wallach, an assistant professor of computer science at Rice University, discovered the vulnerability while working with graduate students Seth Fogarty and Seth Nielson. Wallach describes it as a composition flaw--where a security weakness is caused by the interaction of several separate components.

According to The New York Times, which first reported the discovery of the flaw, Wallach, Fogarty and Nielson found that the Google desktop tool looks for traffic that appears to be going to Google.com and then inserts results from a user's hard disk for a particular search.

They managed to trick the Google desktop search program into inserting those results into other Web pages where an attacker could read them. This would only work after a user had visited an attacker's Web site, upon which a Java program (as created by the Rice group) would be able to fool the Google desktop software into providing the user's search information. The program was able to do anything with the results, including transmitting them back to the attacking site.

The disclosure of this flaw comes just days after research company Gartner warned businesses to steer clear of Google's desktop search tool until a more robust, enterprise-ready version is released.

Security experts have also warned that virus writers could use desktop search tools to make their malware more efficient.

Dan Ilett and Graeme Wearden of ZDNet UK reported from London.

See more CNET content tagged:
desktop search, Google Desktop, flaw, Google Desktop Search, Google Inc.

Add a Comment (Log in or register)
Google's fix
by Sonicsands December 20, 2004 9:14 AM PST
Maybe Google is confident they have fixed this problem. But it sure is not obvious from their website whether the downloadable version is the one with the fix or not. It's as if they do not want to reveal that there has been a problem.
Reply to this comment
I told you so....
by Prndll December 20, 2004 4:04 PM PST
If you were to look into the past records of this site, I said that I was concerned about his very thing. I had commented on how dangerous this kind of thing could be.
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Google (2.07%) 11.41 562.51
Dow Jones Industrials (2.03%) 203.52 10,226.94
S&P 500 (2.22%) 23.78 1,093.08
NASDAQ (1.97%) 41.62 2,154.06
CNET TECH (2.03%) 31.22 1,569.62
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET