| Recent Posts | About the Author | Navigation |
|---|---|---|
|
|
David is an occasional blogger, software engineer, Nintendo fanboy, liberal, news magazine addict, voracious TiVo user, and bibliophile. He was born in St. Louis, grew up in southern Indiana, and returned to St. Louis to attend Washington University. He hasn't managed to escape yet. He's a fan of free wine tastings, too many tv shows to name, and eating out. David makes his living developing web applications used internally by his employer. He doesn't blog about work because he's heard too many stories about that causing workplace troubles. There's more on the about page. |
|
| Recent Comments | ||
|
|
||
| Recent Photos | ||
|
|
||
21 January 2005 - 9:41 am
The St. Louis Post-Dispatch ran an article about desktop searches today. Talk about missing the boat. This article is nothing but FUD. Desktop searches don't give anyone access to anything that isn't already available on your computer. One of the main complaints about desktop search tools and the main point reiterated by this article, is that desktop search tools will make the cached version of encrypted web pages available. This means that someone might be able to access your credit card number or other sensitive information.
While it is true that using something like google's desktop search agent will find information you might prefer not to have it find, the real culprit here is your browser, which is caching these pages. Google's (and Yahoo!'s and MSN's) tool simply makes it faster to locate these items. These tools expose flaws on the underlying system, but do not create flaws themselves. The backlash against desktop search tools is akin to shooting the messenger when the real culprit is the maker of the browser that caches those pages.
Bruce Schneier, an "[i]nternationally-renowned security technologist" and author of "Applied Cryptography," the bible of cryptography, weighed in on this issue a few months ago on his weblog and in his monthly email newsletter. Here is the link to his article.
Posted by on 21 January 2005 at 9:42 AM
Comments
I didn't want to dig into the entire horribleness of this P-D article in my main post, but it suffers from a number of flaws. For example, the author recounts the story of one of his colleagues who had "[a] flurry of error messages pop... up on his computer screen, disabling his browser. He was forced to reinstall the browser, as well as perform several other system repairs." This was not the Google Desktop Search vulnerability exposed by the professors at Rice, but was most likely a browser hijacking Trojan that he got by running a IE without the proper patches and by visiting a website that exploited the security holes.
There are numerous other flaws with this article, but I didn't want to let that one slide.
Posted by david on 21 January 2005 - 9:51 AM