Google takes quick action against Desktop threat

Google takes quick action against Desktop threat

A flaw in Microsoft's Internet Explorer could be exploited to hackers' advantage who could scan hard drives using Google's Desktop Search, it had emerged yesterday. But Google appears to have altered its code slightly o that it was no longer vulnerable to being affected by this particular flaw.

This glitch was first brought to the notice by an Israeli hacker Matan Gillon who said that the flaw was in the way the Internet Explorer handled CSS (Cascading Style Sheets) Web Pages, "Google Desktop users who use IE are currently completely exposed. An experienced attacker can covertly harvest their hard drives for sensitive information such as passwords and credit card numbers. Since Google also indexes e-mails which can be read in the web interface itself, it's also possible to access them using this attack," he said.

Gillon has also posted a proof of the exploit online. The flaw tricks users into visiting a bogus site and thus acquirers control over their system. It apparently has no effect on other browsers and can be avoided by turning off JavaScript.

Gillon says that now that code is not working on Google since he believes that they have slightly altered their code. According to CIO Today, “Google has made a correction to its Desktop Search service so that it cannot be used any longer in conjunction with the remote attack." However Google has maintained that the flaw is in IE so it is still a threat.

Commenting on Google's swift response to this threat, Gartner vice president Neil MacDonald said, “Even though Internet Explorer is the root cause of the vulnerability, Google's changing its Desktop Search so that it was no longer remotely accessible though the vulnerability in IE was the responsible thing for Google to do." He added that the move would protect Google's Desktop Search until Microsoft was able to fix the problem.