Flaw in Google's tool
2004-12-21 08:03
New York - A Rice University computer scientist and two of his students have discovered a potentially serious security flaw in the desktop search tool for personal computers that was recently distributed by Google, the New York Times reported on Monday.
The glitch, which could permit an attacker to secretly search the contents of a personal computer via the internet, is what computer scientists call a composition flaw - a security weakness that emerges when separate components interact, the Times reported.
Google introduced a test version of the desktop search tool on October 14, and it can be downloaded at no cost.
The program indexes material on a user's local hard disk and then blends web search results with local user information like electronic mail, text documents and other files.
According to the Times report, the flaw would permit a search to reveal only small portions of the files.
In a statement, the company said that it had been notified of the flaw by the computer researchers in late November and had started distributing a new version of the desktop search engine that repairs the potential security hole, the Times reported.
Google's introduction of a desktop search tool has touched off a competition with its closest web search service competitors, Microsoft and Yahoo.