Researchers at Rice University on Monday made public a bug in Google Desktop Search that could let hackers secretly search the contents of a user's hard drive. Google, which was made aware of the flaw last month, has created a fix and is updating the software automatically as users connect to the Internet.
December 20, 2004 (12:59 PM EST) By TechWeb News Dan Wallach, an assistant professor of computer science at Houston's Rice University, discovered the vulnerability with the help of two graduate students, Seth Fogarty and Seth Nielson. Wallach characterized the flaw as "serious," and said in an online advisory posted to the Computer Security Lab's Web site that an attacker would be able to read small pieces of files indexed by Google Desktop Search. "If you had a file with a list of passwords, for example, an attacker might be able to read some of those passwords," said Wallach in the advisory.
The only easy day was yesterday.
...some do, some don't; some will, some won't (WR)