CIO Today
CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
Daily Briefing for Technology's Top Decision-Makers
Tuesday, February 9th 
Home
Enterprise Software
Enterprise Hardware
Network Security
Compliance
CRM Systems
Data Storage
Chips & Processors
Operating Systems
Communications
World Wide Web
Wireless Tech
Small Business
CIO Issues
Business Briefing
After Hours
Press Releases
 

Advertisement
Network Security

Google Fixes Desktop Search Loophole

Google Fixes Desktop Search Loophole By Robin Arnfield
December 5, 2005 10:25AM

Bookmark and Share
"Even though Internet Explorer is the root cause of the vulnerability, Google's changing its Desktop Search so that it was no longer remotely accessible though the vulnerability in IE was the responsible thing for Google to do," said Gartner Research vice president Neil MacDonald.


Google has strengthened its Desktop Search tool so that it cannot be used any longer by hackers who are exploiting an unpatched vulnerability in Microsoft Relevant Products/Services's Internet Explorer software.

Last week, Matan Gillon, an Israeli security researcher, reported that he had found a way to use an Internet Explorer vulnerability in conjunction with Google Desktop Search to penetrate Windows Relevant Products/Services PCs and obtain personal information from them.

There is a fault in the way that IE processes Cascading Style Sheet (CSS) rules, Gillon wrote in a Web posting. CSS, a method for creating common fonts and formats for Web pages, is used extensively on the Internet.

Gillon said he created a test Web page that, when viewed in Internet Explorer on a computer running Google Desktop, allowed him to search that computer for passwords. The researcher said the vulnerability in Internet Explorer could allow a hacker to steal private information from a victim's computer.

The hacker then could use this information to carry out transactions in the victim's name over the Internet.

Acting Responsibly

Google has made a correction to its Desktop Search service Relevant Products/Services so that it cannot be used any longer in conjunction with the remote attack.

"Even though Internet Explorer is the root cause of the vulnerability, Google's changing its Desktop Search so that it was no longer remotely accessible though the vulnerability in IE was the responsible thing for Google to do," said Gartner Research vice president Neil MacDonald. "This will protect Google's Desktop Search users until Microsoft addresses the root cause issue."

Because Microsoft and Google compete for desktop Relevant Products/Services search capabilities, said MacDonald, the negative publicity was not good for Google. But, rather than take a black eye for what fundamentally is a problem with Internet Explorer, Google has fixed the problem directly, he noted.

"This still leaves open other CSS-based attacks on other products as long as the vulnerability in IE remains," he said. "Now the ball is back in Microsoft's court where it should have been from the beginning."

Updating Desktops

"Google was able to address the problem quickly because it didn't require changing any code at the user's desktop," MacDonald said. "Google applied more stringent security controls on its main site, which shut down the exploit." (continued...)

1  |  2  |  Next Page >

Advertisement

Also Visit:


 Network Security
1. China Cyberattacks: Pervasive Threat
2. Patch Tuesday Will Tie MS Record
3. Cybersecurity Appears Hot for 2010
4. EPIC Objects To Google-NSA Ties
5. Torrent Traps Used To Harvest Logins


advertisement


 Most Popular Articles
1. Facebook Users Can Get McAfee Virus Protection
2. Reporters Invited To an Apple Event Set Next Week
3. New York Times May Charge for Its Online Content
4. Adobe, Oracle Make Up for Light MS Patch Tuesday
5. Zuckerberg's Comments Unleash Firestorm of Dissent

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports
google
desktop
search

  MS: Russian Pirates Scamming Us
  Google May Make Gmail More Social
  Analysts Expect iPad Price To Drop
  China Busted Hacker-Training Site
  Nook E-Reader Heads to Retail Stores

 Technology Marketplace
Compliance
Stand out from other IS Professionals and increase your earning potential.®).
 
Enterprise Hardware
Now is the best time to buy a new APC Smart-UPS!
HP ProLiant G6 Servers: Perform like a superstar, Save like an accountant www.hp.com
 
Enterprise I.T.
Learn how Microsoft server upgrades can create efficiencies
Stand out from other IS Professionals and increase your earning potential.®).
 
Hardware
Find out why now is the best time to buy a new APC Smart-UPS!
 
Microsoft/Windows
Read about how to add efficiencies with Microsoft Virtualization.
 
Network Security
AT&T Synaptic Compute as a Service. Boost your power on demand.
 
Mobile Enterprise Spotlight

Analysts See iPad Price Drop, with Some Cannibalization
Just weeks before Apple officially rolls out the iPad, financial analysts are making pricing predictions. But could the analysis itself hinder the initial demand for the pricey tablet computer?
Bar Codes Go Mobile, Get Hip Again
For decades, retailers have used patterns of black dots and lines to encode data onto products. Now, bar codes are gaining favor as an easy way for cell-phone users to view ads and other data instantly.
'Dead Simple, Dirt Cheap' JooJoo Tablet Shipping Soon
The JooJoo, a web-browsing tablet device that is the subject of a high-profile legal dispute, appears on track to reach buyers at the end of February, but the tablet scene has dramatically changed.

 Advertisement
Enterprise Software Spotlight

Google May Add Facebook, Twitter Links to Gmail
Google will reportedly roll more social-networking features into Gmail, the fastest-growing e-mail service. The new features could save users the trouble of switching to Facebook or Twitter.
SAP CEO Abruptly Resigns; Co-CEOs Will Take Over
Business-software maker SAP announced an abrupt strategic shift in the corporate suite with Léo Apotheker resigning as CEO, to be replaced by co-CEOs Bill McDermott (left) and Jim Hagemann Snabe (right).
Cybersecurity Vendors Look Hot in 2010
Tech-security companies are poised to become Wall Street darlings this year, thanks in part to Google's tiff with China, which reinforced an already positive outlook for major security vendors.

 Advertisement
Navigation
CIO Today
Home/Top News | Enterprise Software | Enterprise Hardware | Network Security | Compliance | CRM Systems | Data Storage
Chips & Processors | Operating Systems | Communications | World Wide Web | Wireless Tech | Small Business | CIO Issues
Business Briefing | After Hours | Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | Free Whitepapers | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2010 CIO Today. All rights reserved. Article rating technology by Blogowogo.