You are here: silicon.com > Software > Security Strategy

Google plugs hole in desktop search tool

To stop "password" query searches...

Tags: google, password, security, google desktop search

By Joris Evers

Published: 7 December 2005 08:50 GMT

Google has made an adjustment to its desktop search tool to foil attacks that take advantage of an unpatched vulnerability in Microsoft's ubiquitous Internet Explorer web browser.

The IE bug was disclosed late last week by Matan Gillon, a security researcher in Israel. He found a way to steal information from unwitting Google Desktop users by exploiting the web browser flaw.

A Google representative said on Tuesday: "We did make an adjustment to the product to help protect users. We made the adjustment on our end. Users don't need to download a patch or take any action."

The bug in IE allows an attacker to retrieve private user data or execute operations on the user's behalf from remote domains, Gillon wrote in his description of the attack method. He crafted a web page which, when viewed in IE on a computer with Google Desktop installed, used the search tool and returned results for the query "password".

A test of the proof-of-concept page created by Gillon confirmed on Tuesday that the attack no longer works.

Microsoft on Friday said it was investigating the IE bug. The company has said it might issue a security update or an advisory on the problem.

Joris Evers writes for CNET News.com

Add comment

Print story with

Email story

Google launches Gmail security

Google desktop exploited by IE flaw

The tide has turned for online ads, says Google exec

Google to sponsor Manchester United?

Porn deluge ends as Google fixes smut glitch

In silicon.com

Commentary

Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…

Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...

Latest News

Has Barclays stamped out fraud with PINsentry?

Courts to save millions with streamlined tech

Soham report IT systems still not in place

RIM warns on BlackBerry PDF flaw

Privacy chief fights UK-wide database

Coming soon - malware threats to iPhone 2.0?

Jobs

Graduate and Intern Opportunities with Google

Our work at Google also requires ideas from many non-technical fields, and we currently have New Graduate and Intern positions available in ...

SEO optimisation specialist

Candidates should have contemporary understanding of Google Ad words and associated algorithms. A leading creative agency requires a search engine ...

Application DBA/ Engineer. European Invetsment Bank. 50-60k+benefits

Replication Server, Transact-SQL, data modelling, stored procedures and query writing, database operations, including bug fixes, performance tuning ...

Special Report Focus

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.