Monday, December 20, 2004

Google Desktop Security flaw

Dan Wallach's group at Rice University has found another security flaw.

"We found that the Google Desktop personal search engine contained a serious security flaw that would allow a third party to read the search result summaries that are embedded in normal Google web searches by the local search engine.

"An attacker would not be able to read your files directly, but the search results often contain snippets of your files. If you had a file with a list of web passwords, for example, an attacker might be able to read some of those passwords."

This appears to be yet another example of "emergent" security vulnerabilities, which arise when components are combined or used in ways not anticipated by their designers.



Post a Comment