Google Desktop Privacy? OR Lack Of..

Use Netsparker

With the advent of Web 2.0 and more powerful, user friendly web applications, security and privacy concerns have increased.

Moreso with the new version of Google Desktop coming out, although this is not strictly a web application, they will be storing your data online.

Yes, version 3 adds the ability to “access your documents from anywhere”, or search across machines..meaning they’re sent to Google’s Servers.

EFF’s article about it

And yes, they will RETAIN your data for 30 days.

This means your data is stored WITH Google for 30 days, if you like it or not, so the security of your data is totally under the control of Google, not you.

Not so great eh?

Even with version 3 Google ‘connected’ its Desktop Search software.

Google has unveiled a updated version of its Google Desktop tool that will automatically transfer information between computers.

Google Desktop version 3 allows users to search and access information from any computer that runs the software, a feature that Google refers to as Search Across Computers.

A user could, for instance, access a personal file from his work PC or share information between computers in different rooms in a house.

The new version was very innocently introduced at the Google Blog.

Now there’s v.3, in which you can also search across multiple computers to find your information. You don’t have to worry about where it lives; it’s available anywhere you are. If you’ve ever created a document but forgot whether it’s on your laptop or desktop, then you can appreciate why we built this feature.

Imagine the implication of this aswell, if you can hack Google Desktop, or somehow redirect it to Search other peoples machines?

Imagine the fun we are going to have with this.

Plus the added prize now of breaking into Googles datacenter, with thousands or perhaps millions of PC’s cached their with all that lovely private data.

Something to think about eh?

We’ll be writing more about AJAX/Web 2.0 security soon, watch this space.

Posted in: Windows Hacking

, , , , ,

Latest Posts: - Test SSL Security Including Ciphers, Protocols & Detect Flaws – Test SSL Security Including Ciphers, Protocols & Detect Flaws is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.

2 Responses to Google Desktop Privacy? OR Lack Of..

  1. Ben February 15, 2006 at 7:25 am #

    It truly would be a handy feature to be able to access your documents anywhere in this fashion; but, the possible security problems would make it quite risky. Especially considering the recent hack of gmail. Thanks for pointing this out, might have saved me from having a bunch MORE personal documents searchable on google.
    Try on google search: filetype:qbb
    Dangerous amount of stuff in google already.

  2. Darknet February 15, 2006 at 7:53 am #

    Ben: Yah I agree it might be a good feature, but well implemented the wrong way…30 day retention on their servers if you want to use the feature? Not a good idea if you ask me. Yeah you should check out the Google Hacks Database :)