Slashdot Log In
A Second Google Desktop Vulnerability
Posted by
kdawson
on Sun Feb 25, 2007 03:47 AM
from the anti-anti-anti-DNS-pinning dept.
from the anti-anti-anti-DNS-pinning dept.
zakkie writes "According to InfoWorld, Google's Desktop indexing engine is vulnerable to an exploit (the second such flaw to be found) that could allow crackers to read files or execute code. By exploiting a cross-site scripting vulnerability on google.com, an attacker can grab all the data off a Google Desktop. Google is said to be investigating. A security researcher is quoted: 'The users really have very little ability to protect themselves against these attacks. It's very bad. Even the experts are afraid to click on each other's links anymore.'"
This discussion has been archived.
No new comments can be posted.
A Second Google Desktop Vulnerability
|
Log In/Create an Account
| Top
| 80 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
I'd RTFA but... (Score:5, Funny)
I'd RTFA but I'm afraid of what will happen if I do.
Hindsight... (Score:1)
I can't be the only one... (Score:3, Interesting)
Does anyone else think that was tremendously funny in a sixth-grade-humor sort of way? Maybe I just am up too early.
Misleading summary (Score:5, Informative)
(Last Journal: Monday October 01, @08:54AM)
Experts? (Score:3, Insightful)
Umm.. Google desktop runs on Windows.. Seriously, how many "security experts" do you know running Windows?
Re:Experts? (Score:4, Insightful)
(http://netapps.com.au/)
Since most of the money (and challenges) for security is on Windows, I supose they could hardly be using anything else.
Re:Experts? (Score:4, Informative)
BSD isn't supported as a VMWare host OS.
Re:Experts? (Score:4, Funny)
(Last Journal: Wednesday January 31 2007, @02:25AM)
Not me. *I* find my Windows XP SP2 vulnerabilities using a Commodore 64 and a Commodore 1541 disk drive with a VM in its controller.
Afraid to click on links? (Score:2)
(http://whineymacfanboy.googlepages.com/ | Last Journal: Thursday April 12 2007, @09:28AM)
That's all those "security experts" out there who use Google Desktop (yeeesh).
Google Desktop pre-loaded on Dells (Score:5, Interesting)
(http://www.poconopcdoctor.com/ | Last Journal: Monday February 19 2007, @08:45AM)
The end result was that not much happened.
My take? I still uninstall it whenever I see it.
Re:Google Desktop pre-loaded on Dells (Score:5, Insightful)
Those Dells should have been wiped and had a secure configuration reloaded. Yeeeesh
What hospital are you at, so I can avoid it?
Welcome to ubiquity, Google (Score:3, Interesting)
Why Google Desktop is too frustrating to be used (Score:5, Insightful)
More infuriatingly, Google Desktop also doesn't understand that emails that it indexes in my Outlook Inbox won't stay there forever due to restrictions on server mailbox size, and doesn't re-index them when they move to an offline
Google Desktop still doesn't support the use of '-' to join two words, i.e. "foo bar" can be written as foo-bar. And the Google Desktop results within Outlook are still not a proper Outlook result list (as with Outlook Find), so you can't just drag items into a new email as attachments - no, you have to open up the email (if it can find it...), use Outlook to copy it to a temp folder, then drag from that folder into the new email.
Google Desktop is simply too annoying to use any more, even though I've used it from version 1, and is actually a very un-Google-like product. Unlike the core Google.com search, which has been quietly optimised over the years to add stemming, proximity, spelling correction, etc, Google Desktop is actually a rather mediocre and barely usable desktop search tool whose primary benefit is that it integrates well with Google Toolbar.
The root cause and how I avoid it (Score:5, Insightful)
I realise there are many other people who see Web 1.0 as too limited for all the usual reasons, e.g. because they want interactivity features, or Flash movies, or proper CSS support for different display devices, etc, all of which are good reasons for them and do require the use of Javascript / AJAX. I don't need any of that, however, so I disable Javascript. I have yet to find a website with textual information that could not have been written or read by me based on good old HTML. Another reason I prefer websites that avoid relying heavily upon Javascript, even to make simple links between webpages, is that they can be properly indexed by search engines.
Quick fix (Score:5, Insightful)
(http://www.kaizenlog.com/)
People keep complaining bout my sig (Score:4, Interesting)
(Last Journal: Saturday January 06 2007, @01:13AM)
Browsers suck. javascript is unsafe and most sites/webapps don't sign url/form parameters. So learn to think before you click.
And if you are thinking of clicking on some strange stuff, open a pristine VM, and use a clean browser there (you can even "sort of" put the VM on a different network from your computer - get two NICs).
Who uses this crap anyway? (Score:2, Interesting)
Overconfidence? (Score:2)
Doesn't affect all Google Desktop users (Score:4, Interesting)
(Last Journal: Wednesday June 22 2005, @11:11AM)
Simple solution: make sure you disable the "feature" allowing you to index your hard drive on Google's servers. IMHO, a terrible feature that has caused Google far more harm than good. Many companies have banned Google Desktop because of this capability. It was even more inexcusable when it was enabled by default.
Moral of the story: even if they aim to "do no evil," Google's self-assuredness often leaves the user paying the price for Google's mistakes.
Snort signatures here: (Score:3, Interesting)