Full Disclosure mailing list archives

RE: blocking Google Desktop

From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 10 Feb 2006 15:11:28 -0600

Upon launching, Google Desktop made several HTTPS connections to both
www.google.com and desktopservices.google.com.   It used IE's proxy
settings - we have an ISA cache/proxy that does integrated 
auth.  If it handled NTLM auth, I'm sure it can do basic 
proxy auth as well.
However, blocking it on the network-level doesn't do a whole 
lot of good
for corporations with a large mobile population.   They connect
elsewhere (home, client site, hotel, etc.), and your 
proprietary data is still making it to Google.


Looks like a great target for Pharming attacks. Thanks for all your data
sent to me over an SSL connection. =)

-Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: blocking Google Desktop, (continued)
- - - Re: blocking Google Desktop Michael Holstein (Feb 14)
    - Re: blocking Google Desktop sekure (Feb 14)
    - RE: Some one needs their coffee. WAS: blocking Google Desktop Randall M (Feb 11)
    - Re: blocking Google Desktop gboyce (Feb 11)
    - Re: blocking Google Desktop Nick FitzGerald (Feb 11)
    - Re: blocking Google Desktop gboyce (Feb 11)
  - Re: blocking Google Desktop Dave Korn (Feb 11)
- Re: blocking Google Desktop Mike Owen (Feb 10)
- RE: blocking Google Desktop J. Patterson Wicks (Feb 10)
- RE: blocking Google Desktop Sims, Brian (MED US) (Feb 10)
- RE: blocking Google Desktop Todd Towles (Feb 10)
  - Re: blocking Google Desktop Michael Holstein (Feb 10)
    - Re: blocking Google Desktop Jason Mayer (Feb 10)