A Second Google Desktop Vulnerability
zakkie writes "According to InfoWorld, Google's Desktop indexing engine is vulnerable to an exploit (the second such flaw to be found) that could allow crackers to read files or execute code. By exploiting a cross-site scripting vulnerability on google.com, an attacker can grab all the data off a Google Desktop. Google is said to be investigating. A security researcher is quoted: 'The users really have very little ability to protect themselves against these attacks. It's very bad. Even the experts are afraid to click on each other's links anymore.'"
I can't be the only one... (Score:3, Interesting)
Does anyone else think that was tremendously funny in a sixth-grade-humor sort of way? Maybe I just am up too early.
Welcome to ubiquity, Google (Score:3, Interesting)
Re:Experts? (Score:3, Interesting)
Yes, I agree with you. But where I work, if you are in any senior position you would be running Windows on your desktop. Our "IT manager" has no IT experience at all, beyond knowing who has what contracts. That's the guy in charge of security.
Google Desktop pre-loaded on Dells (Score:5, Interesting)
The end result was that not much happened.
My take? I still uninstall it whenever I see it.
People keep complaining about my sig (Score:4, Interesting)
Browsers suck. JavaScript is unsafe and most sites/webapps don't sign URL/form parameters. So learn to think before you click.
And if you are thinking of clicking on some strange stuff, open a pristine VM, and use a clean browser there (you can even "sort of" put the VM on a different network from your computer - get two NICs).
Who uses this crap anyway? (Score:2, Interesting)
Doesn't affect all Google Desktop users (Score:4, Interesting)
Simple solution: make sure you disable the "feature" allowing you to index your hard drive on Google's servers. IMHO, a terrible feature that has caused Google far more harm than good. Many companies have banned Google Desktop because of this capability. It was even more inexcusable when it was enabled by default.
Moral of the story: even if they aim to "do no evil," Google's self-assuredness often leaves the user paying the price for Google's mistakes.
Snort signatures here: (Score:3, Interesting)