Forum Moderators: open
In most public libraries/terminals you can already access all sensitive information on the hard drive. Sometimes, if you just go in and paste what is on the clipboard you can get people's e-mails. Inbetween users these computers should be completely wiped. How do you access data on a computer that has the run menu disabled and you can't get to the desktop? Easy. Just go to Internet Explorer and enter this into the address bar:
%TEMP% and %TMP% // yeah THIS isn't a security threat.
%SYSTEMROOT% //takes you to the system root
%USERPROFILE% //takes you to the current user profile
%ALLUSERSPROFILE% //takes you to the all users profile
%APPDATA% //takes you to the application data
%COMSPEC% // THIS WILL EXECUTE CMD.EXE GIVING THE USERS A COMMAND PROMPT
Now that they have a command prompt they can type in even MORE fun things.
%HOMEDRIVE%
%HOMEPATH%
%HOMESHARE%
%LOGONSERVER%
%NUMBER_OF_PROCESSORS%
%OS%
%PATH%
%PATHEXT%
%PROCESSOR_ARCHITECTURE%
%PROCESSOR_IDENTFIER%
%PROCESSOR_LEVEL%
%PROCESSOR_REVISION%
%PROMPT%
%RANDOM%
%TIME%
%USERDOMAIN%
%USERNAME%
%USERPROFILE%
%WINDIR%
See here [microsoft.com] for a list. It's for Windows Server 2003 but it's all more or less relevant. GDS isn't even taking full capability of Windows' inherent flaws.
the chances of someone getting to data that does not belong to them are much higher
It still doesn't make it Google's fault. GDS only searches for information otherwise accessible by other means, so if a person wanted to get at "confidential" data stored in cleartext on a machine, the presence or absence of GDS is not an issue.
%COMSPEC%
That has always been a fun trick! I once worked for a bank (in another life), and our natty UNIX workstations were taken out and replaced by PCs running a severely locked-down version of Windows NT4. There were no icons on the desktop at all, the Start menu was fixed and severely reduced, and we were told that it was impossible to break in to the machine or run unauthorized programs.
A colleague who was really into computers fired up IE and typed in %COMSPEC%, and naturally, the DOS prompt popped up. The engineer was less than happy - but the problem was never looked into or fixed. (At least the bank never risked storing data on those machines...)
GDS only searches for information otherwise accessible by other means
It greatly lowers the barrier of entry - as I said number of people who go to search on google is measured in 100s of millions where as number of people who would ever want to know what COMSPEC is far far lower.
Personally I am more concerned about Google sending stuff back to their servers, just remember their original GMail terms and conditions - you could not delete your email! And what would happen with desktop search - would it automatically remove file from local index if its deleted?
If you don't lock the doors on your house and no-one notices, then you hire a bell-ringer to announce the fact to all your neighbors, it isn't the bell-ringer's fault if your house gets burgled.
If you don't lock the doors on your house and no-one notices, then you hire a bell-ringer to announce the fact to all your neighbors, it isn't the bell-ringer's fault if your house gets burgled.
I think a better analogy would be this: some company offers fancy free lights, they are really nice and there is just one drawback - they would clearly indicate to everyone around that no one is in the house when no one is actually in the house, in essense this allows those low lifes who burgler houses to know easily which house is empty.
It is fair to say that it is a free tool so people use it on their own risk, however, what people might not understand is that they are using computer which has got in essense a keylogger - a lot of things that they do will be logged and possibly viewed by someone else.
One might say its spyware in all but name -- just wait until ads start appearing to pay for the software, and how would that be different from what Gator (Claria now) are doing?!?!
