[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4197049C.6020407@cornell.edu>
Date: Sun, 14 Nov 2004 02:09:16 -0500
From: Elliott Bäck <ecb29@...nell.edu>
To: bugtraq@...urityfocus.com
Subject: Google Desktop Search ignores Preferences
Overview:
-----------------------------------------
Product: Google Desktop Search
Versions: Beta 100504 (Current version)
Date: 11-13-2004
Risk: Low (Local disclosure)
Product Information:
-----------------------------------------
From the application, "Google Desktop Search application indexes and
stores versions of your files and other computer activity, such as
email, chats, and web history. These versions may also be mixed with
your Web search results to produce results pages for you that integrate
relevant content from your computer and information from the Web. Your
computer's content is not made accessible to Google or anyone else
without your explicit permission."
Vulnerabilities:
-----------------------------------------
Although one of the features of Google Desktop Search is to archive web
history in its index for future searching, unchecking the preference to
archive "Web History" and saving the preference does not clear the web
history from the index. It only prevents the archiving of future
web-history. It is therefore possible for any other user on the machine
to reset the preferences and recover all archived web history, or probe
the index file (in theory).
Workaround:
-----------------------------------------
Manually delete the index or the portions of Web History through the
Google interfaces that are considered sensitive.
Vendor:
-----------------------------------------
Google support has been notified of this minor issue.
Thanks,
Elliott C. Bäck
www.elliottback.com
Powered by blists - more mailing lists