| |
Google Desktop Search: Security Threat
Last issue, (# 47 A Simple Way to Find Any File on your Computer),
I introduced you to the Google Desk Top Search tool. I love it,
it has changed my life, or at least the computer related part.
However all is not as it appears. Wayne Clements from Business
Solutions With Integrity Inc. sent me this article. You should know
about this if you use the Google Desk Top Search.
“Google Desktop Search might just be too good. Using the new software,
I was able to bypass user names and passwords that secure Web-based
e-mail programs and view personal messages sent and received on
public PCs.
Using Google's new software on a shared computer at the Google booth
at the Digital Life trade show floor I was able to easily search
for, find, and read private Yahoo e-mail sent on the computer by
previous users earlier in the day.
Marissa Mayer, Google's director of consumer Web products, told
me she wasn't surprised. "This is not a bug, rather a feature,"
she says. Google always intended people to be able to index and
search Web-based e-mail viewed and composed on PC, she says. Google
Desktop Search is not intended to be used on computers that are
shared with more than one person, she says.
Whether or not Google intended this, I take great pause at knowing
any e-mail I write or read on a PC with Google Desktop Search could
be called up and read by a complete stranger.
To find old e-mail on the PC, I searched for "compose"
and "inbox" using Google Desktop Search. This allowed
me to view pages that Google Desktop Search had indexed. I was not
able to access the query results directly, but Google Desktop Search
stores cached versions of search results found on your desktop,
just like it does for its Web searches. The cached versions of the
pages could be viewed.
By accessing Google Desktop Search cached pages I could then easily
access multiple Web-based e-mail accounts and view some of the messages
that had been opened previously in the browser. Searching for "compose"
yielded the most startling results. I was able to read private missives
sent on the PC very easily.
On one computer alone I was able to access no less that 10 personal
e-mails that had been sent using password-protected Web-based e-mail
accounts.
Mayer dismissed my concern that this is a security issue. She points
out that you can configure Google Desktop Search not to index Web
pages or specific domains. That would prevent Google Desktop Search
from indexing and caching the URL 'mail.yahoo.com'.
|
