You are here: silicon.com > Software > Security Strategy

Security Strategy

Google plugs hole in desktop search tool

To stop "password" query searches...

Tags: google, password, security, google desktop search

By Joris Evers

Published: 7 December 2005 08:50 GMT

Google has made an adjustment to its desktop search tool to foil attacks that take advantage of an unpatched vulnerability in Microsoft's ubiquitous Internet Explorer web browser.

The IE bug was disclosed late last week by Matan Gillon, a security researcher in Israel. He found a way to steal information from unwitting Google Desktop users by exploiting the web browser flaw.

A Google representative said on Tuesday: "We did make an adjustment to the product to help protect users. We made the adjustment on our end. Users don't need to download a patch or take any action."

The bug in IE allows an attacker to retrieve private user data or execute operations on the user's behalf from remote domains, Gillon wrote in his description of the attack method. He crafted a web page which, when viewed in IE on a computer with Google Desktop installed, used the search tool and returned results for the query "password".

A test of the proof-of-concept page created by Gillon confirmed on Tuesday that the attack no longer works.

Microsoft on Friday said it was investigating the IE bug. The company has said it might issue a security update or an advisory on the problem.

Joris Evers writes for CNET News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business


  • Jobs
Java / WebObjects Developer / Java / WebObjects Programmer - London

Design, implementation and testing of new databases Maintenance of existing Java code base – bug fixes and enhancements To qualify for this ...

Analytics Lead

Experience of Webtrends Visitor Intelligence, Score, Dynamic Search (or other search tool) Experience of using and implementing Google Analytics An ...

Electronics Engineer

This will include:Concept generation Analysis and development of system architectures Analogue, digital and power electronics design Working closely ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: