Google fixes security flaw in desktop tool

By Derek Sooman on December 20, 2004, 3:06 PM
Google's desktop search tool worried a number of users who had recently installed it when it was revealed that the software contained a flaw that could make it possible for hackers to search the contents of PCs running the software. Google has now reported that it has fixed this flaw.

According to a statement issued Monday by the Web search company, it has rolled out a fix for the vulnerability. The flaw in the tool was discovered in late November by a Rice University computer scientist and two of his students.

The New York Times was the first to post about this flaw. They discovered that the Google desktop tool looks for traffic that appears to be going to Google.com and then inserts results from a user's hard disk for a particular search. But it is possible to trick the application into inserting those results into other Web pages where an attacker could read them.

This would only work after a user had visited an attacker's Web site, upon which a Java program (as created by the Rice group) would be able to fool the Google desktop software into providing the user's search information. The program was able to do anything with the results, including transmitting them back to the attacking site.

It's great news to hear that this problem was fixed right away, as the potential for some kind of malicious exploit - such as a virus - to be written was a great worry.
