Google Desktop indexes Password protected Office Documents
Hi
Just discovered a rather nasty security flaw of Google Desktop, it seems it gets a bit overzealous in its search to index documents
Create a password protected word or excel document and save it. Give it a few minutes and then search for the file name or contents. Google desktop appears to be able to open the file and display the contents regardless of the encryption. It also displays the 1st few lines of the encrypted file in the search results and if you click on the "cached" link it can display the entire contents of the file.
I can only assume Google desktop has indexed the file when its open in Excel or Word and it doesn't actually crack the encryption on it after its saved to disk.
When you click on the filename returned in the search results you will get prompted by word or excel to enter the password as usual.
My only advice is to specifically exclude the paths to any password protected files. Also exclude paths to any encrypted PGPDisk or TrueCrypt mapped drives as Google Desktop will also return results in these even when not mounted.
posted by Craig @ 2:22 PM
2 comments
digg it
kick it
Live It
Redit
email it
2 Comments:
Regarding your reccommendations. If it is indexing the documents before they are saved and password protected what good would excluding the password protected files folders? I am going to do some test where I create the document on a PC other then the one with the search tool, then transfer it to another pc and run the google desktop there and see if it indexes the document there.
Thanks for the information, very helpful.
Sal
No problem Sal, I'd be interested to hear your findings.
If its requiring it to be open to index then I suppose its a matter of timing if the crawl picks up the new file when your editing it.
Cheers
Post a Comment
<< Home