A Lone Star Times article released today, presented the findings of Dan Wallach, a Rice University professor, and two of the university’s computer science graduate students, who have discovered a serious security flaw in Google’s Desktop Search application for personal computers. The discovery suggested that the security hole could potentially allow an attacker to search the contents of a personal computer via the internet. I have been unable to determine if this means that an attacker would also have access to contents of a PC that was breached using this flaw, either on the hard drive or through the cached documents that are stored by the Desktop search tool.
According to Professor Wallach, he and his colleagues notified Google of their discovery, and according to him, Google has stated that the security flaw has been fixed in an update of the Desktop Search Tool and is currently being implemented through an auto-update feature (The updated version No. is 121004). My primary concern is Google’s failure to pro-actively notify the users of its Desktop Search Tool. I am a GMAIL user, Shared Computing participant and a subscriber to Google’s general notifications and news releases and yet I did not recieve any notification of the security flaw that could potentially expose my personal files and information. Quite obviously Google’s primary concern was to get this taken care of quietly, not to take care of its users.