Google nailed in two separate accidents
December 27, 2004
Both Google's online and offline search products have shown weaknesses lately. First, the Google Desktop Search tool was found to carry a serious security flaw; this week, its Internet search engine itself was found to be aiding hackers.
A flaw in Google's desktop search program was revealed on Monday by a team of computer researchers. They showed it could be used to capture valuable personal information from a remote user's computer.
Google Desktop Search (GDS) lets users quickly look for files and documents stored on their computers using a web browser. After installation, the program runs in the background - indexing documents, emails, instant messaging conversations and web browser history - so that searches bring up results almost instantly.
A query entered into Google on a computer running the desktop search program automatically adds results from the computer itself to results from the web. The researchers suspected that the way GDS integrates these results could prove a potential weak spot.
Google has acknowledged the flaw and patched it with its December update, which installs automatically when a computer with an older version of the program connects to the Internet.
On 14th December, US research firm Gartner warned customers not to use the tool on computers that might contain valuable business information until it has been tested more thoroughly.
Bruce Schneier, a US computer security expert, said the flaw is potentially serious but no different to those found in many different applications every day. "Like any piece of commercial software, it's huge and complex," he told New Scientist.
Schneier adds that the automatic update process used by Google to repair installed applications might itself prove a security weak spot, but was better than relying on users to update software for themselves. "Security is always a trade-off," he says.
In another slap to Google, a new worm has emerged that uses its Internet search engine to help hackers find vulnerable machines.
The "Net-Worm.Perl.Santy.a" invades websites by exploiting a vulnerability in phpBB, a popular software package used to create internet forums.
It was "spreading rapidly, and has caused an epidemic," Kaspersky Lab, the internet security firm, said in an emergency news release on Tuesday.
"Santy.a is something of a novelty - it creates a specially formulated Google search request, which results in a list of sites running vulnerable versions of phpBB," the company explained.
"Once the worm has gained control over a site its content will be wiped and overwritten with the text: 'This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation'."