[情報] Google 桌面搜尋的 bug
http://news.zdnet.com/2100-1009_22-5497885.html?tag=default
Google: We've fixed desktop search tool flaw
By Dan Ilett and Graeme Wearden ZDNet (UK) December 20, 2004, 7:52 AM PT
Google says it has fixed a flaw that could have allowed hackers to search
the contents of PCs running the company's desktop search tool.
According to a statement issued Monday by the Web search company, it has
rolled out a fix for the vulnerability. The flaw in the tool was discovered
in late November by a Rice University computer scientist and two of his
students.
A Google representative said, "We were made aware of this vulnerability
with the Google Desktop Search software and have since fixed the problem
so that all current and future users are secure."
Dan Wallach, an assistant professor of computer science at Rice University,
discovered the vulnerability while working with graduate students Seth
Fogarty and Seth Nielson. Wallach describes it as a composition flaw--where
a security weakness is caused by the interaction of several separate
components.
According to The New York Times, which first reported the discovery of the
flaw, Wallach, Fogarty and Nielson found that the Google desktop tool looks
for traffic that appears to be going to Google.com and then inserts results
from a user's hard disk for a particular search.
They managed to trick the Google desktop search program into inserting
those results into other Web pages where an attacker could read them. This
would only work after a user had visited an attacker's Web site, upon which
a Java program (as created by the Rice group) would be able to fool the
Google desktop software into providing the user's search information. The
program was able to do anything with the results, including transmitting
them back to the attacking site.
The disclosure of this flaw comes just days after research company Gartner
warned businesses to steer clear of Google's desktop search tool until a
more robust, enterprise-ready version is released.
Security experts have also warned that virus writers could use desktop
search tools to make their malware more efficient.
Dan Ilett and Graeme Wearden of ZDNet UK reported from London.
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 61.222.173.26
CSSE 近期熱門文章
PTT數位生活區 即時熱門文章
-1
12