Google Desktop Search: Security Flaw Found and Fixed

John Markoff in the New York Times reports that a computer science professor and two of his students have discovered a "composition flaw" in Google's desktop search application. Google was notified about the problem in November and is bega distributing a version of GDS with the security flaw fixed on December 10th.

The glitch, which could permit an attacker to secretly search the contents of a personal computer via the Internet, is what computer scientists call a composition flaw - a security weakness that emerges when separate components interact...The researchers said that the Google security weakness lay in the way that Google Desktop was designed to intercept outgoing network connections from the user's computer.

The Rice researchers said that it was possible for users to tell if their version of the Google program had been patched by examining the "about" page from the Google Desktop icon in the browser task bar. Version numbers above 121,004 indicate a newer edition of the program.