A Rice University computer scientist and two of his students have discovered a potentially serious security flaw in the desktop search tool for personal computers that was recently distributed by Google.
The glitch, which could permit an attacker to secretly search the contents of a personal computer via the Internet, is what computer scientists call a "composition flaw" -- a security weakness that emerges when separate components interact.
"When you put them together, out jumps a security flaw," said Dan Wallach, an assistant professor of computer science at Rice in Houston, who, along with two graduate students, Seth Fogarty and Seth Nielson, discovered the flaw last month.
"These are subtle problems, and it takes a lot of experience to ferret out this kind of flaw," Wallach said.
Google introduced a test version of the desktop search tool on Oct. 14, and it can be downloaded at no cost.
The program indexes material on a user's local hard disk and then blends Web search results with local user information like electronic mail, text documents and other files. The search would reveal only small portions of the files.
By design, the tool sends a user's queries, but no locally stored information, over the Internet. By reading the queries sent to its search service, Google is able to place its AdWords text advertisements next to the search results displayed in a user's browser window.
In a statement over the weekend, the company said that it had been notified of the flaw by the computer researchers in late November and had begun distributing a new version of the desktop search engine that repairs the potential security hole.
Google's introduction of a desktop search tool has touched off a competition with its closest Web search service competitors, Microsoft and Yahoo.
Microsoft made a test version of its desktop search tool available on Dec. 13 as part of its MSN toolbar suite, and Yahoo has said that it will begin testing a similar search tool in January.
The Rice University researchers said that they had not yet looked at Microsoft's desktop search program, but noted that the service did not appear to integrate Web and local search results in the same manner as the Google tool.
The researchers said that Google had responded quickly to their alert last month and had begun releasing a corrected version of the program on Dec. 10.
The Google desktop program includes an update feature that permits the company to automatically push new versions of the program out to computer users without user intervention or knowledge.
The Rice researchers said that it was possible for users to tell if their version of the Google program was patched by examining the "about" page from the Google Desktop icon in the browser task bar. Version numbers above 121,004 indicate a newer edition of the program.