You are here: silicon.com > Software > Security Strategy

Security Strategy

Google plugs hole in desktop search tool

To stop "password" query searches...

Tags: google, password, security, google desktop search

Printer Friendly Email Story RSS

By Joris Evers

Published: 7 December 2005 08:50 GMT

Google has made an adjustment to its desktop search tool to foil attacks that take advantage of an unpatched vulnerability in Microsoft's ubiquitous Internet Explorer web browser.

The IE bug was disclosed late last week by Matan Gillon, a security researcher in Israel. He found a way to steal information from unwitting Google Desktop users by exploiting the web browser flaw.

A Google representative said on Tuesday: "We did make an adjustment to the product to help protect users. We made the adjustment on our end. Users don't need to download a patch or take any action."

The bug in IE allows an attacker to retrieve private user data or execute operations on the user's behalf from remote domains, Gillon wrote in his description of the attack method. He crafted a web page which, when viewed in IE on a computer with Google Desktop installed, used the search tool and returned results for the query "password".

A test of the proof-of-concept page created by Gillon confirmed on Tuesday that the attack no longer works.

Microsoft on Friday said it was investigating the IE bug. The company has said it might issue a security update or an advisory on the problem.

Joris Evers writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Google launches Gmail security

Google desktop exploited by IE flaw

The tide has turned for online ads, says Google exec

Google to sponsor Manchester United?

Porn deluge ends as Google fixes smut glitch

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year


  • Jobs
Java / WebObjects Developer / Java / WebObjects Programmer - London

Design, implementation and testing of new databases Maintenance of existing Java code base – bug fixes and enhancements To qualify for this ...

Analytics Lead

Experience of Webtrends Visitor Intelligence, Score, Dynamic Search (or other search tool) Experience of using and implementing Google Analytics An ...

Electronics Engineer

This will include:Concept generation Analysis and development of system architectures Analogue, digital and power electronics design Working closely ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


ID card database: 500 names added in first month

Women in IT: Tech has an image problem

Tesco Mobile to get a taste of Apple's iPhone

Marketing chiefs: Are you spamming your customers?

IT skills shortage squashed by recession?

Users tell SAP: 'We need to talk more'




Quick Sitemap Links: