lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4197049C.6020407@cornell.edu>
Date: Sun, 14 Nov 2004 02:09:16 -0500
From: Elliott Bäck <ecb29@...nell.edu>
To: bugtraq@...urityfocus.com
Subject: Google Desktop Search ignores Preferences


Overview:
-----------------------------------------
 Product: Google Desktop Search
Versions: Beta 100504 (Current version)
    Date: 11-13-2004
    Risk: Low (Local disclosure)

Product Information:
-----------------------------------------
 From the application, "Google Desktop Search application indexes and 
stores versions of your files and other computer activity, such as 
email, chats, and web history. These versions may also be mixed with 
your Web search results to produce results pages for you that integrate 
relevant content from your computer and information from the Web.  Your 
computer's content is not made accessible to Google or anyone else 
without your explicit permission."

Vulnerabilities:
-----------------------------------------
Although one of the features of Google Desktop Search is to archive web 
history in its index for future searching, unchecking the preference to 
archive "Web History" and saving the preference does not clear the web 
history from the index.  It only prevents the archiving of future 
web-history.  It is therefore possible for any other user on the machine 
to reset the preferences and recover all archived web history, or probe 
the index file (in theory).

Workaround:
-----------------------------------------
Manually delete the index or the portions of Web History through the 
Google interfaces that are considered sensitive.

Vendor:
-----------------------------------------
Google support has been notified of this minor issue.

Thanks,
Elliott C. Bäck
www.elliottback.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ