Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Google Desktop and Security

from [Snehal Kumar] Network Security [Permanent Link]
Subject: RE: Google Desktop and Security
Date: Sun, 5 Feb 2006 15:49:11 +0400 
Hi Mark,

Here are some inputs from me...

Google Desktop Search lets users search documents, spreadsheets, e-mail,
instant messages and Web pages that have been visited by that PC. To
enable this, it creates cached versions of Web content -- which could
include sensitive corporate information stored on servers and accessed
via a Web interface. 

There are some security issues, though. The problem is that GDS indexes
and finds documents that you may prefer not be found. For example, GDS
searches your browser's cache. This allows it to find old Web pages
you've visited, including online banking summaries, personal messages
sent from Web e-mail programs and password-protected personal Web pages.

GDS can also retrieve encrypted files. No, it doesn't break the
encryption or save a copy of the key. However, it searches the Windows
cache, which can bypass some encryption programs entirely. And if you
install the program on a computer with multiple users, you can search
documents and Web pages for all users.

GDS isn't doing anything wrong; it's indexing and searching documents
just as it's supposed to. The vulnerabilities are due to the design of
Internet Explorer, Opera, Firefox, PGP and other programs.

First, Web browsers should not store SSL-encrypted pages or pages with
personal e-mail. If they do store them, they should at least ask the
user first.

Second, an encryption program that leaves copies of decrypted files in
the cache is poorly designed. Those files are there whether or not GDS
searches for them.

Third, GDS' ability to search files and Web pages of multiple users on a
computer received a lot of press when it was first discovered. This is a
complete nonissue. You have to be an administrator on the machine to do
this, which gives you access to everyone's files anyway.
Some people blame Google for these problems and suggest, wrongly, that
Google fix them. What if Google were to bow to public pressure and
modify GDS to avoid showing confidential information? The underlying
problems would remain: The private Web pages would still be in the
browser's cache; the encryption program would still be leaving copies of
the plain-text files in the operating system's cache; and the
administrator could still eavesdrop on anyone's computer to which he or
she has access. The only thing that would have changed is that these
vulnerabilities once again would be hidden from the average computer
user.

In the end, this can only harm security.

GDS is very good at searching. It's so good that it exposes
vulnerabilities on your computer that you didn't know about. And now
that you know about them, pressure your software vendors to fix them.
Don't shoot the messenger.

Ref. http://www.internetnews.com/security/article.php/3434981


Thanks and regards,

Snehal Kumar

-----Original Message-----
From: Mark [mailto:elihusmails@gmail.com] 
Sent: 02 February 2006 23:27
To: security-basics@securityfocus.com; elihusmails@gmail.com
Subject: Google Desktop and Security

I am interested in using Google Desktop, but am concerned about the
potential for security leaks from my computer.  I am uncomfortable
with Google indexing my hard drive.  I have read that you can turn off
indexing, so I feel better about that.

Could someone please provide more information about what other
security issues the Google Desktop may present.

Thank you.

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting
experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity
Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: MS in information security, Craig Wright
Next by Date:  RE: MS in information security, Bob Beringer
Previous by Thread:  Re: Google Desktop and Security, Alice Bryson
Next by Thread:  RE: Google Desktop and Security, Joe George
Indexes:  [Date] [Thread] [Top] [All Lists]