Geek2Live

Without scrutiny, highly usable software that neglects security can seem heroic and revolutionary. Such may be the case for Google Desktop. Most users see the web-meets-desktop search capabilities and don't consider the security implications of making the boundary between google.com and the desktop so seductively porous. Particularly troubling is the potential for an attacker to access information, documents, and possibly executables through Google Desktop via flaws (XSS in particular) in Google’s website. In February Yair Amit et. al. found a vulnerability that could allow remote attackers access to data and functionality through Google Desktop. Rsnake has also pointed out some existing Google XSS vulnerabilities on his blog at ha.ckers.org . Also, consider that Google Desktop keeps a fairly sizable index and cache for rapid search that by default is unencrypted. This index contains an amazing amount of historical data: It retains previous versions of files, web-based email c...