Google: We've Fixed Desktop Search Tool Flaw

An article explains that Google says it has fixed a flaw that could have allowed hackers to search the contents of PCs running the company's desktop search tool. The vulnerability was found by Dan Wallach, an assistant professor of computer science at Rice, while working with graduate students Seth Fogarty and Seth Nielson. Wallach describes it as a composition flaw--where a security weakness is caused by the interaction of several separate components. According to The New York Times, which first reported the discovery of the flaw, Wallach, Fogarty and Nielson found that the Google desktop tool looks for traffic that appears to be going to Google.com and then inserts results from a user's hard disk for a particular search. They managed to trick the Google desktop search program into inserting those results into other Web pages where an attacker could read them.