Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAoCvNsEMfE0ClpoD8BfPb3iKFAAAQAAAAzF9iiCnLM0q8wbayqoneGQEAAAAA@gmail.com>
Date: Sat Feb 11 02:18:54 2006
From: charles.heselton at gmail.com (Charles Heselton)
Subject: blocking Google Desktop

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Michael Holstein
> Sent: Friday, February 10, 2006 11:37 AM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] blocking Google Desktop
> 
> > I would also venture to say that they should be publicizing
> > information for corporations to be able to block this wholesale
> > (google desktop and gmail chat), since we all know there are financial
> > institutions where people work, and think nothing of saving customer
> > data onto laptops.
> 
> Agreed. I'm actually working on testing it now, to figure out how to
> write snort sigs to (detect) and/or (block) it -- assuming I can't just
> blackhole *desktop.google.com on DNS.

This may work.  However, it's easily subverted.  I would imagine that it
would become a chore to maintain the block-list.

> 
> I might just block their ads as well (/pagead/iclk? in URLs) out of 
> spite for them doing this stupid trick with their desktop product.
> 
> FWIW, we're sending out notices that this is NOT to be installed on any
> University-owned PC, violators get their machine re-imaged.
> 
> Cheers,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University

Based on some very basic analysis, it looks like the Google Desktop Search
(GDS) uses a custom User-Agent string.  This can be detected in proxy and/or
IDS logs/signatures.  The string is:

User-Agent: Mozilla/4.0 (compatible; Google Desktop)

This should make it trivial to track systems with it installed.

--
- Charlie
 
5A27 58D2 C791 8769 D4A4  F316 7BF8 D1F6 4829 EDCF
 
 In memoriam:  http://www.militarycity.com/valor/1029976.html
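
Added example, not part of the original message: a Python scan of proxy access logs for the User-Agent string reported above, listing the client addresses that sent it. The NCSA combined log layout, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# User-Agent value reported in the message above.
GDS_USER_AGENT = "Mozilla/4.0 (compatible; Google Desktop)"

# Assumed log layout: NCSA combined format, where the last two quoted
# fields are Referer and User-Agent.
COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"\s*$'
)

def find_gds_clients(lines):
    """Return a Counter: client address -> requests sent with the GDS User-Agent."""
    hits = Counter()
    for line in lines:
        m = COMBINED.match(line)
        if m is None:
            continue  # not in the assumed format; skip rather than guess
        # Compare the User-Agent field only, so the string appearing in a
        # URL or Referer does not count as a detection.
        if m.group("agent").strip().lower() == GDS_USER_AGENT.lower():
            hits[m.group("client")] += 1
    return hits

# Constructed sample log lines (addresses, URLs and times are made up).
SAMPLE_LOG = [
    '10.0.0.21 - - [10/Feb/2006:11:40:02 -0500] "GET http://www.example.com/ HTTP/1.0" 200 512 "-" "Mozilla/4.0 (compatible; Google Desktop)"',
    '10.0.0.21 - - [10/Feb/2006:11:41:10 -0500] "GET http://www.example.com/a HTTP/1.0" 200 128 "-" "Mozilla/4.0 (compatible; Google Desktop)"',
    '10.0.0.35 - - [10/Feb/2006:11:42:00 -0500] "GET http://www.example.com/ HTTP/1.1" 200 900 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '10.0.0.47 - - [10/Feb/2006:11:43:30 -0500] "GET http://www.example.com/b HTTP/1.0" 304 0 "-" "Mozilla/4.0 (compatible; Google Desktop)"',
    '10.0.0.52 - - [10/Feb/2006:11:44:05 -0500] "GET http://www.example.com/c HTTP/1.1" 200 77 "http://www.example.com/Google Desktop review" "Mozilla/5.0 (X11; U; Linux i686)"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for client, count in find_gds_clients(SAMPLE_LOG).most_common():
        print(f"{client}\t{count}")
```

The match is on the User-Agent field alone, so a host that merely visits a URL containing the words "Google Desktop" is not reported.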


