You are here: silicon.com > Software > Security Strategy

Security Strategy

Google plugs hole in desktop search tool

To stop "password" query searches...

Tags: google, password, security, google desktop search

Printer Friendly Email Story RSS

By Joris Evers

Published: 7 December 2005 08:50 GMT

Google has made an adjustment to its desktop search tool to foil attacks that take advantage of an unpatched vulnerability in Microsoft's ubiquitous Internet Explorer web browser.

The IE bug was disclosed late last week by Matan Gillon, a security researcher in Israel. He found a way to steal information from unwitting Google Desktop users by exploiting the web browser flaw.

A Google representative said on Tuesday: "We did make an adjustment to the product to help protect users. We made the adjustment on our end. Users don't need to download a patch or take any action."

The bug in IE allows an attacker to retrieve private user data or execute operations on the user's behalf from remote domains, Gillon wrote in his description of the attack method. He crafted a web page which, when viewed in IE on a computer with Google Desktop installed, used the search tool and returned results for the query "password".

A test of the proof-of-concept page created by Gillon confirmed on Tuesday that the attack no longer works.

Microsoft on Friday said it was investigating the IE bug. The company has said it might issue a security update or an advisory on the problem.

Joris Evers writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story   Email Story Email story   RSS
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Google launches Gmail security

Google desktop exploited by IE flaw

The tide has turned for online ads, says Google exec

Google to sponsor Manchester United?

Porn deluge ends as Google fixes smut glitch

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you

Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy

SMS flaw leaves iPhone vulnerable to attack

ID cards: 'A project nobody wants and the nation can't afford'

IT security training now the 'substantial' task of GCHQ

PayPal techies hit fraudsters where it hurts

SMEs on target list for UK cyber attack group


  • Jobs
IT Operations Technician

s disaster recovery architecture, developing & implementing bug fixes and ultimately developing new systems and procedures. See endco on Google maps) ...

Games Tester/Games Test Engineer/ Games QA Engineer/

Bug submission Configuration testing for video, browser, and OS issues would be beneficial. 3d Games company is looking to hire a QA Games Test ...

ASP.NET Developer Strong Web Browser Applications

ASP.NET Developer Strong Web Browser Applications My client is looking for an ASP.NET Developer. In order to be considered for this role you ...

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

The Financial Close: Optimizing Performance and Driving Financial Excellence

Enterprise Performance Management - Financial Excellence and Beyond

A complete view of the enterprise

Making the Business Case for HR Investments

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Large Hadron Collider's grid gets stressed

Heatwave? No sweat for CIOs

Has in-flight entertainment got wings in the iPod era?

MoD inks £231m deal to boost comms

Take a trip to the future of air travel

Orange launches managed videoconferencing




Quick Sitemap Links: