Disclosure of Web History in Google Desktop Search
Overview:
Product: Google Desktop Search
Versions: Beta 100504 (Current version)
Date: 11-13-2004
Risk: Low (Local disclosure)
Product Information:
From the application, “Google Desktop Search application indexes and stores versions of your files and other computer activity, such as email, chats, and web history. These versions may also be mixed with your Web search results to produce results pages for you that integrate relevant content from your computer and information from the Web. Your computer’s content is not made accessible to Google or anyone else without your explicit permission.”
Vulnerabilities:
Although one of the features of Google Desktop Search is to archive web history in its index for future searching, unchecking the preference to archive “Web History” and saving the preference does not clear the web history from the index. It only prevents the archiving of future web-history. It is therefore possible for any other user on the machine to reset the preferences and recover all archived web history, or probe the index file (in theory).
Workaround:
Manually delete the index or the portions of Web History through the Google interfaces that are considered sensitive.
Vendor:
Google support has been notified of this minor issue.
This entry was posted on Sunday, November 14th, 2004 at 3:27 am and is tagged with web history, web search results, google, search overview, search application, computer activity, archive web, desktop search, index file, explicit permission, relevant content, archiving, current version, vulnerabilities, disclosure, preference, indexes, chats, beta, risk. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback.
Add New Comment
Thanks. Your comment is awaiting approval by a moderator.
Do you already have an account? Log in and claim this comment.
Add New Comment
Trackbacks
(Trackback URL)