We've been building HackADay.com in stealth/beta mode for the past couple of
weeks , and today I noticed a really important post
regarding Google's new Desktop Search.
It turns out some clever people have figuring out how to search another person's desktop. Now, you have to have access
to that computer, but you can imagine the implications of this if someone did it on their manager desktop at their
office, or their kids desktop.
Sure, you could have done this with key-capture software any time in the past twenty years, but combining this with
the power of the Google Desktop is really dangerous.
I guess users are going to have to get even more careful about what they store on their machines, what software they
install, and who they let use their machines!
Hacking the Google Desktop
Reader Comments
(Page 1)3. You are correct. Machine #1, running the Java proxy, must specify the IP address of machine #2, if machine #2 will be allowed to conduct a Desktop Search of machine #1 remotely. You're correct about that. However, then anybody using machine #2 has access to machine #1.
So there are two dangerous scenarios:
You install the proxy in somebody else's computer, giver your own IP address access to it, and gain unauthorized access.
You install the proxy in your own computer, give another computer access, then unauthorized individuals use that access.
Sorry for complicating things with my original comment.
6. Jason, sorry, but you've got the facts a little confused. The important point in the blog entry you cite is that you *don't* need hands-on access to the raided computer. In other words, with the Google Desktop Search proxy discussed here--
http://www.projectcomputing.com/resources/desktopProxy/
--a person could search the files of a remote computer.
The issue of searching a public computer, or having one's personal computer searched by an unauthorized user, is a matter getting a lot of press lately. I first covered it in this entry--
http://google.weblogsinc.com/entry/8042605494861249/
--on October 15.
8. You are correct. Machine #1, running the Java proxy, must specify the IP address of machine #2, if machine #2 will be allowed to conduct a Desktop Search of machine #1 remotely. You're correct about that. However, then anybody using machine #2 has access to machine #1.
So there are two dangerous scenarios:
You install the proxy in somebody else's computer, giver your own IP address access to it, and gain unauthorized access.
You install the proxy in your own computer, give another computer access, then unauthorized individuals use that access.
Sorry for complicating things with my original comment.
1. Jason, sorry, but you've got the facts a little confused. The important point in the blog entry you cite is that you *don't* need hands-on access to the raided computer. In other words, with the Google Desktop Search proxy discussed here--
http://www.projectcomputing.com/resources/desktopProxy/
--a person could search the files of a remote computer.
The issue of searching a public computer, or having one's personal computer searched by an unauthorized user, is a matter getting a lot of press lately. I first covered it in this entry--
http://google.weblogsinc.com/entry/8042605494861249/
--on October 15.
Posted at 4:38AM on Dec 19th 2005 by Brad Hill