Google Desktop Search security issue? Touching on a topic we've addressed before: Google Desktop Search. We have in the past maintained (internally) that it is not to be installed on company desktops until its various security concerns are addressed, including the lack of security on the index that can allow remote network files to be re-created from local, less secure information. The new version (1.0) seems to correct some of the security problems the betas had. However...

It now appears that you may be able to use the new version to search content (without any authentication) on other users' PCs. Given the techniques for the attack, it is assumed that the attacked PC has GDS on it as well, but it should give pause to all before installing it on your own machine.

Or maybe not: after all, you have firewalls on all your machines, right?

A huge security hole? Eh... not so much. I would point out that the GDS exploit I mentioned in my previous email requires you to have a port redirector (datapipe, in this case, but could work with SSH) installed on the remote machine. So it's not like your machine is freely available just because it has GDS installed. If you can install datapipe, there are many other apps you can install that will allow you remote access to the machine.  ¶ 3/15/2005 09:52:00 PM