mailing list archives
RE: blocking Google Desktop
From: "Charles Heselton" <charles.heselton () gmail com>
Date: Fri, 10 Feb 2006 18:18:35 -0800
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf
Of Michael Holstein
Sent: Friday, February 10, 2006 11:37 AM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] blocking Google Desktop
I would also venture to say that they should be publicizing
information for corporations to be able to block this wholesale
(google desktop and gmail chat), since we all know there
institutions where people work, and think nothing of saving customer
data onto laptops.
Agreed. I'm actually working on testing it now, to figure out how to
write snort sigs to (detect) and/or (block) it -- assuming I
blackhole *desktop.google.com on DNS.
This may work. However it's easily subverted. I would imagine that it
would become a chore to maintain the block-list.
I might just block their ads as well (/pagead/iclk? in URLs) out of
spite for them doing this stupid trick with their desktop product.
FWIW, we're sending out notices that this is NOT to be
installed on any
University-owned PC, violators get their machine re-imaged.
Michael Holstein CISSP GCIA
Cleveland State University
Based on some very basic analysis, it looks like the Google Desktop Search
(GDS) uses a custom User-Agent string. This can be detected in proxy and/or
IDS logs/signatures. The string is:
User-Agent: Mozilla/4.0 (compatible; Google Desktop)
This should make it trivial to track systems with it installed.
5A27 58D2 C791 8769 D4A4 F316 7BF8 D1F6 4829 EDCF
In memoriam: http://www.militarycity.com/valor/1029976.html
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/