Google also denied that they were getting info from the toolbar - that was proven to be wrong.
But there are also the malware implications. If you had your entire drive all nicely indexed, that could be valuable info to steal. So that part at least would have to be considered in an investigation.
Slightly off topic - I remember a while back one of my colleagues had all his usernames and passwords stored in an Excel file. This file was password protected. He installed Google Desktop Search and this indexed the file. No problem here, until he hit the cache of the file which circumvented Excel password protection and showed all his passwords … including online banking!
Nice!
I have not tested this, but there is a potential "caching" of other systems' Google Desktop Search, within a local group. In Google Desktop, a user can share their "index" or DB, allowing other users to search through the indexed files. There is a potential of getting snapshots of deleted files, or even completely destroyed systems without ever having to turn the target machine on.
Slightly off topic - I remember a while back one of my colleagues had all his usernames and passwords stored in an Excel file. This file was password protected. He installed Google Desktop Search and this indexed the file. No problem here, until he hit the cache of the file which circumvented Excel password protection and showed all his passwords … including online banking!
Nice!
😯
I'm going to have to test that. I hope that was with an earlier buggier version.. that's interesting. Will report my findings. Thanks!
-Derrick
So I made a "user name and password" Excel file. It didn't seem to work as you described. All of my other Excel files showed a preview in Google Desktop, but the password encrypted one won't display a preview. It was probably an earlier version that you are referring to. I'm doing my testing on the latest version, Google Desktop 5.1.0706.29690-en-pb
That is a very good observation though. Any idea if your friend would know what version he was using that had this vulnerability?
This is what I got when doing a search for Excel files.. as you can see the password encrypted file doesn't give a preview of the context, but the others do.
This is a great discussion we have going. If anyone else has any interesting observations or encounters with Google Desktop Search, please feel free to chime in :D
-Derrick
I have not tested this, but there is a potential "caching" of other systems' Google Desktop Search, within a local group. In Google Desktop, a user can share their "index" or DB, allowing other users to search through the indexed files. There is a potential of getting snapshots of deleted files, or even completely destroyed systems without ever having to turn the target machine on.
Libertate,
I believe you are referring to this. I have not tested either, but I will tonight with my desktop and laptop. Thanks :D
What interests me in that image is.. "This feature transmits the text of your indexed file to Google Desktop servers for copying to your other computer".. So, your desktop indexes ARE stored on Google's servers… I wonder how hard it would be for an unethical hacker to discover these indexes. Indexes could include everything from user names, passwords, credit card numbers.. I'm curious if Google encrypts this for the transfer or what…
-Derrick
Does anyone know if Google Desktop caches webpage history in Firefox, Netscape (same thing), or Opera??
I'll be testing this soon also.. anyone know for sure?
Also will be testing this with a network port monitor.. just curious as to where these indexes are going if you enable sharing…
-Derrick
That is a very good observation though. Any idea if your friend would know what version he was using that had this vulnerability?
-Derrick
Hey Derrick, it was a while back I remember it happening. I believe that he said there was some option to prevent caching. I'm not sure if he opened the file and then searched for it, which in turn provided a cache.
I wish I could remember more about it, if I find out anything I'll let you know, but it was a while back.
Ronan
I opened the Excel file and left it open while GDS reindexed my drive and it still doesn't display the password encrypted contents. However, if I change the default settings you see below to search "Password-protected office documents" it will cache the contents of the file.
It's possible that your friend had this checked, or it was an earlier version of Google Desktop Search that didn't exclude password protected files during indexing. It's interesting that it can also index chats.. That could be very helpful if a user enabled that feature on a suspect machine.
Therefore, it's POSSIBLE to turn up chat logs if you see GDS on a hard drive being examined.. interesting isn't it?
-Derrick
Hi!
I was one of the authors of the paper linked on the first page, and I was looking for a list of upcoming conferences when I saw Google Desktop mentioned on the forums, so I had to sign up. I'm curious to see what you all make of the concept and with your own tests, because I started the original paper as a side project, but had to finish the PhD, so I stopped. I'll get back one of these days, but I love that other people are enquiring too.
For those curious, there's an expanded version of that paper at ijde.org which is a little more recent. Also, to the OP, one of the authors works for an Australian state policing agency, and he's (apparently) used GDS in real case work. I'm not sure to what ends and output though.
It's true - the early versions of GDS indexed everything and had no delete function - when I presented the linked paper, I put up a screen from my online bank with all my accounts, balances and recent transactions, because the SSL page was saved.
Cheers,
Ben