F H card letter b

Tuesday, October 19, 2004

Google Desktop cracks password-protected Word docs

While every day brings a new article on the potential security hazards of Google's desktop search tool, most of the concern seems to center around its potential use in finding private information on shared computers.

However, I've only seen one mention of something I recently discovered while using Google Desktop: that it can be used to break open MS Word password-protected documents (or at least a cached copy of the doc).

I keep many of my "easy-to-forget" passwords in a password-protected Word document.
While doing a search with the Google desktop tool, I noticed a link to that document, tried clicking on the link, and was prompted for the password when Word launched. All to the good, so far. However, clicking on the "cached" link brought up the entire contents of the file -- with all my passwords.

As I said, I'm not the first person who's noticed this. There's also a reference to it here, too:

http://www.kottke.org/04/10/google-desktop

It appears you can - clumsily - exclude files using the "Preferences" settings of the tool by detailing the path name to the files or folders, but it would have been nice if Google Desktop had provided that option during set-up.

No comments: