A security problem with Internet Explorer that allowed unauthorized access of Office documents and Outlook emails indexed with Google Desktop Search has been fixed.
Lots of talk over the last few days about a problem with Internet Explorer that allows access to your Office documents and Outlook emails indexed with Google Desktop Search – GDS.
GDS makes use of your browser to make searches and display results, this means that browser limitations can be used to gain access to your data (which is indexed by GDS).
We won’t go into the details of the security problem, suffice it to say that you can read the story from the discoverer here if you wish. His decision to go public has been questioned in some circles.
Microsoft’s response was their rote lines: They are investigating the problem (probably true). The exploit has not been used ‘in the wild’ (true – but it’s like saying “We know the barn door is open, but the horse hasn’t bolted yet”).
Google moved with commendable speed to fix a problem, even though it wasn’t really of their making. GDS v2 users should get an automatic update that will block this exploit.
The result of all this is that users of Google Desktop Search should not worry. Internet Explorer users will probably get yet another update in due course. There’s still the possibility that the IE vulnerability can be exploited with programs other than GDS so Microsoft still has some work to do.
