Google Patches New Desktop Search Holes

 
Dec 15, 2004
Some research students at Rice University found two new security exploits against Google's Desktop Search tool. These students informed Google of their findings and have been working with the company since November to create a patch. Google released both the news of the exploits and the patch.

Google's Desktop Search tool has an optional feature that lets users integrate search results from their local machine with Google website searches. The Rice University students proved that a malicious attacker could use either a Java applet or a man-in-the-middle JavaScript exploit to pretend to be a browser and intercept the local search information as it is being integrated. They have written a fascinating paper on their research -- the attacks they used and possible countermeasures, including the one that Google has decided to adopt.

More information on these holes and the Google patch can be found in the links below.

Google Patches Desktop Search Flaw (eWeek, December 20, 2004)

Attacks on Local Searching Tools (Research Paper, Computer Science Department, Rice University)
Privacy | FAQ | Site Map | About | Guidelines | Contact | Advertising | What is ColdFusion?
House of Fusion | ColdFusion Jobs | Blog of Fusion | AHP Hosting