Google Desktop - yet another security frightener

My state agency's intrusion- detection systems were showing some undesirable activity on our network. Upon investigation, we found that several desktop systems were communicating with Google via Google Desktop. I ran a network security scan and found at least 50 computers set up to do this. How was that possible?

All 50 were new Dell machines. I called down to the lab where desktop system images are created. A tech answered, and I asked him if he knew why Google Desktop was installed on the new systems. "Yes," he said. "The new Dell systems came with it installed. We thought it was a useful tool, so we included it in our standard image."

The question that immediately reverberated in my head was, Why weren't the security implications considered? What I said was, "This is a security problem for us, and we have to uninstall it as soon as possible. I'll put together a meeting."

The good news is that I caught this security lapse before all agency desktops were replaced in our current system refresh. In fact, since desktops are being replaced about 50 at a time, I had caught it pretty early. The realisation that the problem could have been worse cheered me up a bit.

Admittedly, the person who decided to leave Google Desktop on the new computers had no reason to suspect that the program could cause a serious security vulnerability. The root of the problem lay in our quality assurance processes. And that means that if I was going to be irritated at anyone, it would have to be me.

I am in charge of all IT processes and had failed to make sure that we had a certification process for new systems. I was focused on auditing the environment. And in the meantime, I made assumptions - one of the surest ways to get myself into trouble. I assumed that the image had not changed. I assumed it would not change. I assumed I would be asked before someone made a change. No way around it, this was my fault.

Several staffers came knocking at my door, having heard about the situation and wanting to know why it was a big deal. I printed out some articles on Google Desktop for their edification. I had filed in my brain the factoid "Google Desktop = security vulnerability" at least a year ago.

But apparently, my staffers don't read the security news. I don't want to make them do that; they work hard as it is. But I wondered whether I should put together for them highlights of the latest in security vulnerabilities on a weekly or monthly basis to prevent this kind of thing from happening again.

So, what is the big deal about Google Desktop? At Google's desktop.google.com site, it says, "Google Desktop gives you easy access to information on your computer and from the Web. It's a desktop search application that provides full text search over your e-mail, files, music, photos, chats, Gmail, Web pages that you've viewed and more." That all sounds pretty good? But, read on:

"Removing deleted files from search results - Some users like the fact that Google Desktop saves cached versions of deleted files in case they need to retrieve them. But we know this isn't for everyone. Don't want to see deleted files in your search results? Just enable the 'remove deleted items' option in your Desktop preferences."

In and of itself, this isn't scary (even though the option should be disabled by default -- in Windows, you can always retrieve deleted files if you have the right utilities). So far, we have an application that indexes everything on our users' computers so they can search them and find information quickly. That is a totally cool feature in an age when we are inundated with so much information we can't think straight. But there's more:

"Search Across Computers enables you to search your documents and viewed Web pages across all your computers. For example, you can find files you edited on your desktop from your laptop. To activate this feature, you will need a Google Account (the same log-in you use for Gmail, Orkut or other Google services). Files accessed on your computer after you enable Search Across Computers will be searchable from your other computers.

"To search your other computers, you must also install Google Desktop on them, as well as enable the Search Across Computers preference using the same Google Account on each one.

"In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google. This is necessary, for example, if one of your computers is turned off or otherwise offline when new or updated items are indexed on another of your machines. We store this data temporarily on Google Desktop servers and automatically delete older files, and your data is never accessible by anyone doing a Google search."

The italics are mine, although you probably could spot the security problem on your own. The good news is that this feature isn't enabled by default. If it were, there would be hell to pay. It would allow our users who have Google Desktop and Gmail accounts to share data across the Google servers and wherever else they happened to log into a computer - and that could include data protected under the Health Insurance Portability and Accountability Act.

As it turns out, only one of our users had a Gmail account, and the Search Across Computers feature had not been enabled. But when I think about the thousands of computers using this feature and the quantity of data being cached by Google, I get the creeps.


Now, Wi-Fi comes to gaming

Outside the PC and network equipment markets, the gaming space has really been the first market segment to embrace Wi-Fi. More than 26 million handheld game devices with embedded Wi-Fi shipped out in 2005, with 28 million of these Nintendo DS and PlayStation Portable (PSP) devices expected to ship in 2006, according to In-Stat, a market research firm.

It says five million game consoles with embedded Wi-Fi are expected to ship out in 2006, representing only the late-year releases of Sony’s PlayStation 3 and Nintendo Wii gaming consoles.

In-Stat says one of the main issues plaguing Wi-Fi integration into portable CE devices has revolved around the demonstration of Wi-Fi’s value-add to a device. Certainly, Nintendo’s Wi-Fi Connection service is one example of a vendor leveraging Wi-Fi to provide for an enhanced user experience.

On August 28, 2006, Nintendo’s Wi-Fi Connection (its online gaming portal for its DS/DS Lite users) logged over 70 million connections from over 2 million unique users, after the portal had been live for only nine months. The service centers around DS online play at certified partner hot-spots, where the user launches a game in Nintendo Wi-Fi Connection mode with no configuration or registration required.

Sony PSP

While the DS is a more traditional game console, the PSP aims to be a portable multimedia convergence device that primarily plays games. The device includes audio and video playback and web browsing capability. As of October 2006 in the US, the PSP was available for a street price of $200, while the Nintendo DS was available for $130. Sony's online gaming push has not been as strong as Nintendo’s, owing to Sony’s focus on the PSP being more than a handheld gaming device.

PlayStation 3

According to In-Stat, in late 2005, Microsoft began the newest cycle of gaming consoles with its launch of the XBox360. Microsoft’s 802.11a/g USB gaming adapters are sold as an accessory to the XBox360 for $99 and feature the same styling as found in the XBox360 console.

In November, both the Sony PlayStation 3 and Nintendo’s Wii will roll out. "The Wii, along with the premium model of the PlayStation 3, will include embedded 802.11g. Sony will offer two versions of the PlayStation 3, a 60GB premium model and a 20GB core model, with embedded Wi-Fi offered only in the 60GB model," it says.

The Wii will not feature a hard disk drive, but will include 512MB of flash memory and a bay for an SD memory card that will allow players to expand the internal flash memory. The most talked-about feature of this console is its motion-sensitive controllers


India New Semi-Conductor Design Hub

India is emerging as a key hub for complex designing of semi-conductors, from Application-Specific Integrated Circuit chips to Field Programmable Gate Array chips to chips used in PC gaming and high-definition TV, with multinational companies moving critical design functions to cities like Hyderabad, Noida and Bangalore.

Says Mr Akshya Prakash, managing director of the Xilinx-CMC India Development Centre, a partnership between the $1.3 billion Xilinx, Inc., of the United States and CMC Ltd, a subsidiary of Tata Consultancy Services, "India has the skill sets to develop ASIC and FPGA chips, and the 55 chip design engineers working at the centre are involved in developing programmable chips for Xilinx clients around the world."

According to Mr Prakash, the demand for ASIC, which are designed for specific uses, are on the decline, while the demand for FPGA chips, which can be customised to a clients requirements, was increasing substantially. "We decided to partner with CMC for the India Development Centre in Hyderabad because they have the expertise in embedded software, and we could ramp up the operations faster for high-end R&D in hardware. The IDC has developed 20 IP cores, which are pre-defined off-the-shelf hardware modules, in the past 20 months of operation. This constitutes nearly 10 per cent of the 250 IP cores developed by Xilinx," Mr Prakash told this newspaper on the sidelines of 19th International Conference on VLSI Design, currently underway here.

"The engineers here developed a Control Area Network controller which is used to control the functions of a motor car’s dashboard. The CAN controller is being deployed by BMW in its cars," he said.According to Mr David E. Orton, president and CEO of the $2.2-billion ATI Technologies, Inc., a Canadian company developing graphics, video and multimedia products for desktop, workstation and notebook PCs, digital televisions, cellphones and game consoles, of ATI Technologies’ development centre in Hyderabad, "The 125 engineers in Hyderabad are crucial to the development of chipsets and chips for high-definition TV, a segment in which ATI has a 60 per cent market share."

Mr Orton said that with the increasingly important role the Hyderabad centre was playing, ATI would be ramping up the headcount to 200 by August this year. Echoing the sentiments of Mr Orton and Mr Prakash, Dr Aloknath De, head of the telecom unit of STMicroelectronics Pvt Ltd, the Indian subsidiary of the $8.7-billion Swiss semi-conductor company STMicroelectronics, said, "The centres in Noida and Bangalore, which together have over 1,500 engineers, develop cutting-edge System-on-a-Chip technology for the company’s global clients, including mobile handset firms."

"The teams in India helped in developing a two megapixel camera which is installed in some mobile phones, and in the nomadic platform for wireless mobile multimedia, which will allow both audio and video contact in mobile calls," Dr De said.


Page :  1 2