English

Attacks on Local Searching Tools

Cryptography and Security 2011-08-16 v1

Abstract

The Google Desktop Search is an indexing tool, currently in beta testing, designed to allow users fast, intuitive, searching for local files. The principle interface is provided through a local web server which supports an interface similar to Google.com's normal web page. Indexing of local files occurs when the system is idle, and understands a number of common file types. A optional feature is that Google Desktop can integrate a short summary of a local search results with Google.com web searches. This summary includes 30-40 character snippets of local files. We have uncovered a vulnerability that would release private local data to an unauthorized remote entity. Using two different attacks, we expose the small snippets of private local data to a remote third party.

Keywords

Cite

@article{arxiv.1108.2704,
  title  = {Attacks on Local Searching Tools},
  author = {Seth James Nielson and Seth J. Fogarty and Dan S. Wallach},
  journal= {arXiv preprint arXiv:1108.2704},
  year   = {2011}
}

Comments

Previously unpublished technical report from December 2004

R2 v1 2026-06-21T18:49:56.729Z