Sunday, February 25, 2007

Anti-DNS pinning and Google Desktop

Infoworld is running an article on Watchfire's announcement of a vulnerability in Google Desktop. In a worst case scenario, this vulnerability could give outsiders access to any item indexed by Google Desktop. Google handles this nicely - they made a patch available, but as with any such vulnerability, if it was exploited, many people would likely not have patched.

This is one reason why I strongly recommend that Google Desktop be prohibited in areas that deal with sensitive or restricted information. A third party indexing service is very dangerous if it is found to be vulnerable - and any indexing system can find files that you or your users may not realize are there. A little over two years ago Bruce Schnier wrote about the Google Desktop's indexing dangers. This is also an excellent reason to keep sensitive files encrypted and backed up on a remote system and access them only as needed.

No comments: