Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: blocking Google Desktop
From: "Charles Heselton" <charles.heselton () gmail com>
Date: Fri, 10 Feb 2006 18:18:35 -0800

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
Of Michael Holstein
Sent: Friday, February 10, 2006 11:37 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] blocking Google Desktop

I would also venture to say that they should be publicizing
information for corporations to be able to block this wholesale
(google desktop and gmail chat), since we all know there 
are financial
institutions where people work, and think nothing of saving customer
data onto laptops.

Agreed. I'm actually working on testing it now, to figure out how to 
write snort sigs to (detect) and/or (block) it -- assuming I 
can't just 
blackhole *desktop.google.com on DNS.

This may work.  However it's easily subverted.  I would imagine that it
would become a chore to maintain the block-list.

I might just block their ads as well (/pagead/iclk? in URLs) out of 
spite for them doing this stupid trick with their desktop product.

FWIW, we're sending out notices that this is NOT to be 
installed on any 
University-owned PC, violators get their machine re-imaged.


Michael Holstein CISSP GCIA
Cleveland State University

Based on some very basic analysis, it looks like the Google Desktop Search
(GDS) uses a custom User-Agent string.  This can be detected in proxy and/or
IDS logs/signatures.  The string is:

User-Agent: Mozilla/4.0 (compatible; Google Desktop)

This should make it trivial to track systems with it installed.

- Charlie
5A27 58D2 C791 8769 D4A4  F316 7BF8 D1F6 4829 EDCF
 In memoriam:  http://www.militarycity.com/valor/1029976.html

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]