[IP] Google Desktop Search: Security Threat?
Begin forwarded message:
From: Sashikumar N <sashikumar.n@xxxxxxxxx>
Date: October 15, 2004 5:09:11 PM GMT+01:00
To: dave@xxxxxxxxxx
Subject: Google Desktop Search: Security Threat?
Reply-To: Sashikumar N <sashikumar.n@xxxxxxxxx>
Prof Dave,
For IP if you like....
regards
sashi
http://blogs.pcworld.com/staffblog/archives/000264.html
Google Desktop Search: Security Threat?
Posted by Tom Spring
Friday, October 15, 2004, 06:29 AM (PST)
Google Desktop Search might just be too good. Using the new software,
I was able to bypass user names and passwords that secure Web-based
e-mail programs and view personal messages sent and received on public
PCs.
Using Google's new software on a shared computer at the Google booth
at the Digital Life trade show floor I was able to easily search for,
find, and read private Yahoo e-mail sent on the computer by previous
users earlier in the day.
Marissa Mayer, Google's director of consumer Web products, told me she
wasn't surprised. "This is not a bug, rather a feature," she says.
Google always intended people to be able to index and search Web-based
e-mail viewed and composed on PC, she says. Google Desktop Search is
not intended to be used on computers that are shared with more than
one person, she says.
Whether or not Google intended this, I take great pause at knowing any
e-mail I write or read on a PC with Google Desktop Search could be
called up and read by a complete stranger.
To find old e-mail on the PC, I searched for "compose" and "inbox"
using Google Desktop Search. This allowed me to view pages that Google
Desktop Search had indexed. I was not able to access the query results
directly, but Google Desktop Search stores cached versions of search
results found on your desktop, just like it does for its Web searches.
The cached versions of the pages could be viewed.
By accessing Google Desktop Search cached pages I could then easily
access multiple Web-based e-mail accounts and view some of the
messages that had been opened previously in the browser. Searching for
"compose" yielded the most startling results. I was able to read
private missives sent on the PC very easily.
On one computer alone I was able to access no less that 10 personal
e-mails that had been sent using password-protected Web-based e-mail
accounts.
Mayer dismissed my concern that this is a security issue. She points
out that you can configure Google Desktop Search not to index Web
pages or specific domains. That would prevent Google Desktop Search
from indexing and caching the URL "mail.yahoo.com".
Google has had to face security questions in the past over its GMail
Web-based e-mail service.
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/