Internet Plus Your Desktop = Bad News

Google just fixed a flaw in their desktop search product, one that could’ve allowed an attacker to search their computer for anything and possibly could’ve allowed them to take over their computer by running malicious code. This vulnerability was first reported to Google on January 4th and was patched by Google on February 1st, long before the public even knew about it. Google is automatically updating their software, but if you are worried you can download their latest version by following this link , where you can also download other free software from Google.

In addition to its bug fix, Google has added, “another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future,” Schnitt said. “We have received no reports that this vulnerability was exploited,” he added.

For this attack to work, the criminal would have to first go through a number of steps, including hacking to find a cross site scripting vulnerability on the Web site — something that has been done several times in the past year, according to Watchfire.

If successful, however, the attack would be devastating. A criminal could search for anything on the computer or even take over the victim’s computer by tricking Google desktop into running malicious software stored on another computer, Watchfire claims. Source: Google patches serious desktop flaw

Sounds like a lot of steps to exploit a vulnerability like this one, but, as the article said, several cross site scripting vulnerabilities were discovered on Google last year alone. This just goes to show what can, and WILL, eventually happen as the desire for companies to own users desktops with their little applications, the more stuff you have running on your computer, the more stuff has access to the internet, the more trouble we will eventually have. Google search is great, but will not be running on my computers, who needs that kind of search power on their desktop anyway, doesn’t everyone just throw everything in folders in MyDocuments anyway?