Rice University Computer Scientists Find a Flaw in Google's New Desktop Search Program
By JOHN MARKOFF
Published: December 20, 2004
SAN FRANCISCO, Dec. 19 - A Rice University computer scientist and two of his students have discovered a potentially serious security flaw in the desktop search tool for personal computers that was recently distributed by Google.
The glitch, which could permit an attacker to secretly search the contents of a personal computer via the Internet, is what computer scientists call a composition flaw - a security weakness that emerges when separate components interact. "When you put them together, out jumps a security flaw," said Dan Wallach, an assistant professor of computer science at Rice in Houston, who, with two graduate students, Seth Fogarty and Seth Nielson, discovered the flaw last month. "These are subtle problems, and it takes a lot of experience to ferret out this kind of flaw," Professor Wallach said.
Google introduced a test version of the desktop search tool on Oct. 14, and it can be downloaded at no cost. The program indexes material on a user's local hard disk and then blends Web search results with local user information like electronic mail, text documents and other files. The flaw would permit a search to reveal only small portions of the files....
***
In a statement over the weekend, the company said that it had been notified of the flaw by the computer researchers in late November and had begun distributing a new version of the desktop search engine that repairs the potential security hole. Google's introduction of a desktop search tool has touched off a competition with its closest Web search service competitors, Microsoft and Yahoo....
http://www.nytimes.com/2004/12/20/technology/20flaw.html?adxnnl=1&adxnnlx=1103550232-qEFPstMLXfbvlJN3ckSFag
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
