Announcement

Collapse
No announcement yet.

New Tool Exploits Google's Tech, Microsoft Weakness

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Tool Exploits Google's Tech, Microsoft Weakness

    Thought you guys might find this interesting.
    New Tool Exploits Google's Tech, Microsoft Weakness

    October 14, 2004

    By MATTHEW FORDAHL
    AP Technology Writer

    SAN JOSE, Calif. (AP) -- Google Inc.'s long-awaited expansion of its search tools from the Internet to individual computers leverages the company's core technology and exploits a weakness in Microsoft Windows.

    Google's Desktop Search application, released Thursday, uses the same technology that made its Internet search engine fast, accurate and popular. At the same time, it makes Windows' slow, built-in search tool eat dirt.

    The key to speedy searches is constructing an index of information on a computer. A number of companies -- including X1 Technologies Inc., Copernic Technologies Inc. and others -- take the same approach in building their search programs.

    Windows XP also includes an indexing service, but it slows down the computer while it's running and is often shut off. If that's the case, the hard drive must be scanned for each search -- a time-consuming process as hard drives can hold hundreds of gigabytes of data.

    Google found a simple answer: index when the computer isn't being used.

    Once the application is downloaded and installed, it starts indexing the PC's main drive. The process, which only takes place when the computer is idle for 30 seconds or more, can take anywhere from several hours to a few days, depending on the volume of data.

    After the drive is scanned, indexing takes place in real time with little effect on the computer's performance.

    The index is a database that is scoured by Google's algorithms whenever terms are entered in Desktop Search. The technology, based on the company's powerful Internet search functions, is the program's secret sauce.

    Most of the tricks that have worked with Google on the Internet behave the same way with the desktop search. So in a search you can excluding certain words with a "not" operator, winnowing results with an "and" or expanding what's returned with an "or." Searches also can be limited to specific Web sites that have been visited.

    Google's local computer searches also integrate with the Google.com Web site. If the option is enabled, it returns local searches on top of what's on the Web.

    Currently, the Google application only indexes the content of a handful of recognized file types, including Web pages previously viewed in Internet Explorer, e-mail sent or received in Outlook or Outlook Express, AOL Instant Messenger chats, plain text files and Microsoft Office documents.

    It does find files created by unrecognized programs, but it only searches on the name, not the internal content. Those include music, picture and portable document format files.

    The company plans to support more types of files in the future.

    Source

    Google Desktop

  • #2
    Yes very interesting it is called google hacking. I believe there was a speech on it at Defcon.
    Did Everquest teach you that?

    Comment


    • #3
      Originally posted by allentrace
      Yes very interesting it is called google hacking. I believe there was a speech on it at Defcon.
      You would be refering to Johnny Long . Fun tools released as well for it on the defcon 12 cd.
      Happiness is a belt-fed weapon.

      Comment


      • #4
        Originally posted by che
        You would be refering to Johnny Long . Fun tools released as well for it on the defcon 12 cd.
        Thank you for the name. :) Sadly I did not attend that talk this year, Instead I decided to be lazy and play some cards with some good guys.
        Did Everquest teach you that?

        Comment


        • #5
          Originally posted by allentrace
          Thank you for the name. :) Sadly I did not attend that talk this year, Instead I decided to be lazy and play some cards with some good guys.
          Gratuitous links. Johnny is a hell of a nice guy and I recommend saying hello at DC14 since DC13 is cancelled. ;-)

          Google Hacks
          J0hnny's Site
          Aut disce aut discede

          Comment


          • #6
            Originally posted by Ironcurtin
            The key to speedy searches is constructing an index of information on a computer. A number of companies -- including X1 Technologies Inc., Copernic Technologies Inc. and others -- take the same approach in building their search programs.

            ...

            Google found a simple answer: index when the computer isn't being used.

            ...

            The index is a database that is scoured by Google's algorithms whenever terms are entered in Desktop Search. The technology, based on the company's powerful Internet search functions, is the program's secret sauce.
            It's an interesting idea, but an approach that is largely only useful on existing Windows OSes - and possibly for a limited amount of time.

            What Google's basically doing is creating an index of metadata associated with the file types that it recognises. This isn't a new idea; SGI's XFS and the now-departed BeOS' BeFS did much the same thing, but without an external database indexing the metadata objects. Rather each file described its own metadata, thus saving on drive space and search speeds versus an external DB. There's also the issue of having to recache metadata as files change - itself a speed and resource hit.

            The reason I say this is of limited usefulness isn't because someone else did it first - rather, Longhorn's upcoming WinFS is likely to obviate the usefulness of the Google tool in the long run, at least on NT platforms (and if anyone's still running a non-NT-based Windows platform by the time Longhorn's released, God help them).

            Consider for a moment what happened with the relase of Windows 95 OSR2. It made it possible to convert an existing FAT16 volume to the more efficient and capable FAT32 filesystem. We're likely to see a similar tool be released for existing Windows platforms around the time that Longhorn hits the shelves.

            As for *why* this tool is likely to be released... Again, consider for a moment Microsoft's love of making things available to the network that probably don't need to be - or at least not in as lax a manner as they tend to make them available. CIFS, for one. Default services for remote control of the local box, for another. And so on.

            WinFS is going to probably be tied to some sort of (likely RPC-based) service for remotely querying and indexing content. And because the time taken to do so will be negligible (courtesy of its metadata query capabilities), your computer can now be part of a larger search engine whenever it's online. Oh, won't that just be bloody wonderful, especially if Microsoft's running it. MSN on your desktop, your desktop on every other MSN user's desktop.

            So the Google filesystem indexing tool has a limited lifespan - but it's entirely possible that they're just getting into the game early. If remote search results can be returned along with the local ones (a very useful tool, IMHO), the local search results can also be added to the remote ones if so desired. There're a lot of ways this can go (some of them unpleasant), but IMHO both are pointing to a fundamental shift in the dynamics of how people interact with and access electronic information.

            Comment


            • #7
              Could a hacker use this tool on a victims machine? So lets say the hacker gets into the computer then downloads the google Desktop. Could'nt they technically use the app to speed up searching for emails and private information, and when the google desktop actually comes out with all files supported couldnt a hacker use this to speed up searching for PRIVATE or SECRET files. The user doesnt want people to use

              Comment


              • #8
                Originally posted by Ironcurtin
                Could a hacker use this tool on a victims machine?
                *Shrug* Can a car be used as a boat? Sure, if it's the right car. What I'm saying here is that that entirely depends on how the Google search can be used - or, more specifically, exploited. It's not that it necessarily *couldn't* be, but that the concept is entirely theoretical until proven one way or the other.

                So lets say the hacker gets into the computer then downloads the google Desktop. Could'nt they technically use the app to speed up searching for emails and private information, and when the google desktop actually comes out with all files supported couldnt a hacker use this to speed up searching for PRIVATE or SECRET files. The user doesnt want people to use
                Yeah, but look at it this way: if the machine's already been compromised, chances are you a) won't be able to use the Google Desktop to search it, and b) are able to do so without creating massive amounts of noticeable impact on system resources.

                As for anything labelled 'secret' or 'private' (or with permissions set as such), the point is most likely moot - if the machine's compromised, chances are an attacker's privileges have been escalated to the point where such designations have been rendered meaningless by default.

                Comment


                • #9
                  Thanks Skroo for that helful info. :)
                  Last edited by Ironcurtin; October 18, 2004, 21:28. Reason: Typing to fast

                  Comment


                  • #10
                    Any potential problems with WinFS have been delayed (at least to some extent). Google Desktop should have some additional time to improve.

                    Comment


                    • #11
                      Originally posted by AlxRogan
                      Gratuitous links. Johnny is a hell of a nice guy and I recommend saying hello at DC14 since DC13 is cancelled. ;-)
                      If Defcon 13 for '05 is cancelled would not the Defcon of '06 still be lucky number 13.
                      Did Everquest teach you that?

                      Comment


                      • #12
                        Originally posted by allentrace
                        If Defcon 13 for '05 is cancelled would not the Defcon of '06 still be lucky number 13.
                        Not if Defcon 13 is cancelled.

                        Comment

                        Working...
                        X