Wednesday, February 21, 2007

Serious Flaw in Google Desktop Prompts Patch

Via SecurityFix -

Search engine giant Google has issued an update for people running its powerful Desktop software. Researchers had demonstrated a potentially devastating security hole in the software that could allow bad guys to snoop on users' computers or even to install additional software.

For the uninitiated, Google Desktop is free software that sits on your computer and indexes your e-mail, chat conversations, documents and previous Web searches to make them easy to find. But according to a discovery last year by Waltham, Mass., security company Watchfire, attackers could hijack a user's sensitive data in older versions of the software.

This flaw appears to be quite dangerous, but the mechanics of it and the steps the bad guys would need to take seem complicated. Anyone who wants to learn more about this flaw should check out Watchfire's research paper
here. There also is a longish video that provides a real-world example of how an attack could work.

----------------------------------------

Unlike Brian over at SecurityFix, I have been avoiding this application like the bird flu and have never installed it on anything ever. While I agree that security is a trade-off, I guess I just never need to find stuff that bad. I like to always know where my stuff is...in the first place.

Google is a great company and I like most of their products, but in a corporate world....I just see this application has an unnecessary risk and I have been saying this since Feb 2006.

But hey, to each his own....

No comments:

Post a Comment