Flaw found in Google’s new desktop search

SAN FRANCISCO–A Rice University computer scientist and two of his students have discovered a potentially serious security flaw in the desktop search tool for personal computers that was recently distributed by Google.

The glitch, which could permit an attacker to secretly search the contents of a personal computer via the Internet, is what computer scientists call a composition flaw–a security weakness that emerges when separate components interact. “When you put them together, out jumps a security flaw,” said Dan Wallach, an assistant professor of computer science at Rice in Houston, who, with two graduate students, Seth Fogarty and Seth Nielson, discovered the flaw last month. “These are subtle problems, and it takes a lot of experience to ferret out this kind of flaw,” Wallach said.