BEIJING, Dec. 21
(Xinhuanet) -- Google fixed a flaw in its beta desktop search tool that
could have given hackers access to users' local searches, officials said Monday.
The vulnerability, discovered and reported by three
members of Rice University's computer science department, proved it was possible
for a malware writer to grab information from a Web page containing any
desktop searches performed by a user infected with a JavaScript- or applet-based
program.
Users can check if they have the updated version by
selecting the About icon on their Google Desktop Search task bars. If it says
Version No. 121004, indicating Dec. 10, 2004, or later, they are safe, the Rice
researchers said.
To be affected, a user would have to visit a Web site
where an attacker has embedded a particular Java applet. The applet makes
certain network connections that trick Google Desktop into integrating a user's
local search results with results from an online search. When users visit the
compromised site, the applet reads their local search result summaries and sends
them back to the attacker's server, they said.
Summaries from Google Desktop searches often contain
snippets of content from personal files, and it is this content that the
attacker is able to read, the researchers said.
According to a Google spokesperson, the vulnerability was
fixed and the company started "pushing" the update to users' computers last
week. As with Windows Update, Google Desktop Search users can automatically have
updates to their programs downloaded and installed onto their computers. Enditem
(Agencies)