Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Second Google Desktop Vulnerability

Posted by kdawson on from the anti-anti-anti-DNS-pinning dept.

zakkie writes "According to InfoWorld, Google's Desktop indexing engine is vulnerable to an exploit (the second such flaw to be found) that could allow crackers to read files or execute code. By exploiting a cross-site scripting vulnerability on google.com, an attacker can grab all the data off a Google Desktop. Google is said to be investigating. A security researcher is quoted: 'The users really have very little ability to protect themselves against these attacks. It's very bad. Even the experts are afraid to click on each other's links anymore.'"

3 of 80 comments (clear)

  1. Why Google Desktop is too frustrating to be used by Cato · · Score: 5, Insightful

    Google Desktop says that it automatically updates itself, but that doesn't work, and there's no 'force an update' feature as with Firefox.

    More infuriatingly, Google Desktop also doesn't understand that emails that it indexes in my Outlook Inbox won't stay there forever due to restrictions on server mailbox size, and doesn't re-index them when they move to an offline .PST file. So I frequently find an email, then try to open it in Outlook, then find I can't and have to find it manually by date/time. Same issue with files that are renamed or moved. Many people have complained about this, but the Google Desktop team ignored this, and instead spent their time producing the incredibly useless widgets, rather than *making the search features really work well*.

    Google Desktop still doesn't support the use of '-' to join two words, i.e. "foo bar" can be written as foo-bar. And the Google Desktop results within Outlook are still not a proper Outlook result list (as with Outlook Find), so you can't just drag items into a new email as attachments - no, you have to open up the email (if it can find it...), use Outlook to copy it to a temp folder, then drag from that folder into the new email.

    Google Desktop is simply too annoying to use any more, even though I've used it from version 1, and is actually a very un-Google-like product. Unlike the core Google.com search, which has been quietly optimised over the years to add stemming, proximity, spelling correction, etc, Google Desktop is actually a rather mediocre and barely usable desktop search tool whose primary benefit is that it integrates well with Google Toolbar.

  2. Quick fix by infonote · · Score: 5, Insightful

    Vulnerabilities exist and will continue to exist. As long as it is fixed within a short period of time it is ok. Saying that, If I was a manager in a commercial organization, I would never allow Google Desktop on my employees computers as online security is still in its infancy.

    --
    Visit http://www.kaizenlog.com
  3. Re:Google Desktop pre-loaded on Dells by synx · · Score: 5, Insightful

    Any hospital that is using whatever Dell or HP or any vendor has pre-installed on a box is being irresponsible.

    Those Dells should have been wiped and had a secure configuration reloaded. Yeeeesh

    What hospital are you at, so I can avoid it?