Google Search Hack Exposes Email and Files to Entire Network
File this under... see, I told you so. Here's how to hack into any desktop on your network and read their email using Google Desktop Search. I cover it here because it is for people without firewalls. If you do not have a firewall, then please take a moment to consider what happens when you don't.
The newly released GDS 1.0 has a major security flaw. You can search the cache of other people's hard drives, not just your own. Here's how it is done:
1. Install Google Desktop Search
2. Install datapipe (a networking tool) and run the following command: datapipe 127.0.0.1 1180 127.0.0.1 4664
3. Run a quick search on your hard drive using GDS and note the special code at the end of the address bar. (example: &s=486029421)
4. Use the IP of local machines you found with datapipe and put the following address into your address box: http://__ip_address_of_target_machine__:1180/__numbers_at_end_of_address ex. http://192.168.1.1:1180/&s=486029421
And it's that easy. This only works if other machines in your network do NOT have a firewall. This is interesting and quite concerning information. I, of course, do not suggest you try this, but be aware of the security risks that this poses. The best way to keep from being searched by others is to install a firewall." Source: Desktop Search Dot Info
Posted at 4:47 PM
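To check your own machine for the exposure described in the post, the following added example (not part of the original post or of Google's or datapipe's code) parses Windows `netstat -ano` output and flags TCP listeners that are reachable from other machines, giving priority to the two ports named above. The sample output, PIDs and the relay bound to all interfaces are constructed for illustration.

```python
"""Audit `netstat -ano` output for TCP listeners reachable from the network.

Added example: flags listeners not bound to loopback, with priority for the
two ports named in the post (4664 and 1180).
"""
import ipaddress

# Ports taken from the post: 4664 is the forwarding target of the datapipe
# command, 1180 is the port the relay listens on. Labels are illustrative.
WATCHED_PORTS = {4664: "Google Desktop Search", 1180: "datapipe relay"}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:4664         0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:1180           0.0.0.0:0              LISTENING       3020
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:4664         127.0.0.1:1201         ESTABLISHED     2312
"""

def parse_listeners(text):
    """Yield (ip, port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # IPv6 brackets and zone id
        yield ipaddress.ip_address(host), int(port), int(fields[4])

def audit(text):
    """Return sorted findings for listeners other machines can connect to."""
    findings = []
    for ip, port, pid in parse_listeners(text):
        if ip.is_loopback:
            continue  # only reachable from the machine itself
        scope = "all interfaces" if ip.is_unspecified else str(ip)
        label = WATCHED_PORTS.get(port)
        severity = "HIGH" if label else "review"
        findings.append((severity, port, pid, scope, label or "unknown service"))
    return sorted(findings)

if __name__ == "__main__":
    for sev, port, pid, scope, label in audit(SAMPLE):
        print(f"[{sev}] port {port} (pid {pid}, {label}) listening on {scope}")
```

Anything reported here is what a host firewall needs to block from the rest of the network; a listener on 127.0.0.1 only is not reported.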
Comments on this Item:
This is irresponsible 'journalism'; I have come to expect more from Alice & Bill. The fault does not lie with Google Search as the headline and story suggest. If you allow unfettered access to your computer, others can access files!! This is the actual fact being exposed here. The headline would be equally true with: Drive mapping exposes files to network, My Network Neighborhood exposes files to network, MSN desktop search exposes files to network... An accurate headline would be "Windows computers not protected by firewalls have files exposed to network"
That's a good point. I tried to make that clear in the story - that if you do not have adequate protection you are vulnerable to intrusion. However, I chose the headline to show that the way into your PC files and email in this case was specifically via Google Desktop Search - not just some random port entry or drive mapping. Google Desktop Search allows you to quickly search emails and files very easily - so the two are extremely deadly if you do not use a firewall. Thanks for making it clear though, and I hope this added more info.
Irresponsible? Hardly. One cannot argue to defend without examples and the knowledge of how these types of dangers exist. I was thanked and pilloried for writing on how you could steal a company blind using an iPod type of device by encoding files into MP3s that still played. I don't regret writing, and the folks that wrote hate mail have their heads in the sand. We of IT have a responsibility to educate the user/management and anyone else that will listen to the warnings.