What you can do about the latest Google Desktop flaw
Here's a follow-up to a blog entry of a few days ago outlining a workaround until Google issues a patch.
On this week's Security Bites podcast, I asked Robert Hansen, aka RSnake, the security researcher who disclosed the man-in-the-middle attack on the Google Desktop last week, what readers can do to avoid becoming a victim.
Hansen said: "They could turn off the integration between Google Desktop and the Web. Or they could wait for a patch to come out, which I'm sure there will be. Or my favorite answer is to uninstall the Google Desktop entirely.
"I'm not exactly quick to tell people to stop using applications, but Google Desktop's had, like I said (earlier), four vulnerabilities in the last couple of months. Plus, if you look at the latest man-in-the-middle attack against the Google Toolbar, which gives the attacker complete access to the computer, you kind of get the feeling that Google just doesn't know how to write secure desktop applications, not to mention the fact they're trying to go for a deeper integration with the Web in the future.
"So, if you need to have something on your drive, you can try Yahoo Desktop Search; it's faster and has nicer features, and it doesn't have that connection between the Web and the desktop."
You can hear the full Security Bites podcast interview here.