IE Flaw Puts Google Desktop at Risk

By Nate Mook | Published December 2, 2005, 12:49 PM

Internet Explorer is not having a good week. After the discovery of an unpatched flaw in the ubiquitous Web browser and code to exploit it prompted Microsoft to issue a public advisory, a new vulnerability has been found that puts users of Google Desktop at risk -- even if they are running a fully patched system.

Uncovered by Israeli hacker Matan Gillon, the security hole involves a problem with the way IE imports cascading style sheets (CSS) from other Web sites, a technique referred to as cross site scripting (XSS). IE will import any type of file with a bracket, regardless of whether or not it's valid CSS.

By combining the flaw with Google's Desktop Search, a malicious Web site could read personal data off a visitor's machine.

"Much like classic XSS holes, this design flaw in IE allows an attacker to retrieve private user data or execute operations on the users behalf on remote domains," explained Gillon. "The difference is that in this case the target site doesn't have to be vulnerable to script injection. All an attacker has to do is lure a user to a malicious web page."

Specifically, the Web page could employ the IE flaw to gain access to a user's private Google Desktop Search key, which is used as a security measure to limit outside access. Once that key is obtained, the Web site could do a CSS import on the desktop search URL, retrieving potentially private information.

Gillon supplied proof of concept code to highlight the potential risk. "A complete exploit can also iterate through the result pages to get more data and log the results on a remote server," he said. "Needless to say, I don't log any of the results."

The vulnerability could extend beyond Google Desktop Search, however, to any service or application that relies on cross-domain security policies within Internet Explorer.

The exploit affects IE6 on Windows XP SP2 with all patches installed. Mozilla's Firefox is not affected, nor is Opera, "because it doesn't support the styleSheets collection," said Gillon.

Microsoft officials say the company is working on a fix, but is unaware of any actual attacks on customers. Google is investigating the report as well, and recommends that users disable JavaScript in IE or use an alternate Web browser to keep safe.

Comments

This is the web for you. Better off playing a game.. or spend your money on a few porn mags. he he he.

Score: 0

|

Just another excuse to bash MS.
I don't use GD, and don't intend to.

Score: 0

|

People should just close their eyes, ears, and minds when these sec vulns are discovered. We'd all be better off.

Score: 0

|

Ignore it and hope it goes away?

Score: 0

|

we haven't heard from Google about this yet, have we?

Score: 0

|

Another IE flaw. Gee, how unusual.

Check out www.iwantnetware.com, in the "MS (In)Security" section for other MS issues / flaws / exploits.

For the record, I use Firefox, now version 1.5.

Score: 0

|

It still has the same damn flaw (security problem) I reported to them over 4 months ago. I can get full access to a system with this problem. But unlike others I will not disclose this problem to anyone except Firefox. Never liked Google anyway.

Score: 0

|

4 months ago? Interesting.

What's the beef with Google? To me, they're just another search engine, like how AltaVista used to be.

Of course, they're a bit bigger than AltaVista, but oh well. ;)

Score: 0

|

Google Desktop Search broadcasts on localhost and displays results in a webpage...or something.

Naturally, any IE bug is a Google Desktop Bug, unless you run it out of FireFox.

Edit: Or Opera.

Score: 0

|

Oh - I didn't know. I don't use the Google Desktop.

I just right-click and Search from there. Quite frankly, I haven't seen a need for it.

Score: 0

|

Hmm, another flaw....I really didn't see that one coming.

Score: 0

|

It can't be Google's fault, nothing is ever Google's fault. Man, I am so sick of Google.

Score: 0

|

Did you read the full article? ANY site could do the same thing, it is a flaw in how IE handles importing cascading stylesheets. Google was named most likely because it was such a major site, often visited, and as such was the first site to elicit such a response.
The way the article reads, you could code in a web site ANYWHERE and as long as it had brackets in the page code for the CSS, then the IE flaw allowed someone access to private info.

Score: 0

|

But how could that be? Microsoft adheres to the most stringent Open Standards!

Surely you don't imply that Microsoft makes their own rules that are in conflict with how the rest of Planet Earth uses the internet, are you? ;)

Score: 0

|

Not satisfied with screwing up its own software, Microsoft is now, intentionally, screwing up Google.

Score: 0

|

This flaw has likely been there for many years.

I *highly* doubt it was intentional.

Score: 0

|

...and my comments are frivolous.

Score: 0

|

Microsoft is not screwing up Google, though I would back them if they did.

Internet Explorer is vulnerable to this problem, if you use GD or not. It's got nothing to do with Microsoft screwing up Google.

If I read what I've read about GD correctly, then its search features (like a lot of internet software's features) are powered by IE, regardless of if you use Opera, Firefox, or Lynx.

I've tried it before, and it places a toolbar on the taskbar. If you search from that, IE pops up a small window to show you the results.

Score: 0

|

"The exploit affects IE6 on Windows XP SP2 with all patches installed."

Good thing I'm using IE7/FF.

Score: 0

|

But since IE7 isn't released yet, it wasn't on their testbed, and likely still has the flaw. :)

Just so ya know....and using FF doesn't affect it...it's Google Desktop, which utilizes the IE engine.

Score: 0

|

I dunno, IE7 has a lot of issues handling externally linked files right now. I've been running into all sorts of problems with external Javascript. I doubt IE7 can even import the CSS properly for the exploit to be possible. =p

"Just so ya know....and using FF doesn't affect it...it's Google Desktop, which utilizes the IE engine."

Yeah, I forgot that. Oops... Now I sound like a FF fanboy. Dangit.

Score: 0

|

wincement stop posting frivolous commentaries. You bore us.

Score: 0

|

"you bore us."

Wow...you know each and every one of us that well, do you?

Score: 0

|

Objective: complete.

Score: 0

|

does it really?

when I launched it it opened a FF window... I'm pretty sure Google Desktop runs browser independent. Just so happens that IE's CSS handling exposes Google Desktop - you have to be browsing with IE for the flaw to be exposed.

Score: 0

|

heh

Score: 0

|

YOU bore wincemeat

Score: 0

|

"After the discovery of an unpatched flaw in the ubiquitous Web browser and code to exploit it prompted Microsoft to issue a public advisory, a new vulnerability has been found that puts users of Google Desktop at risk -- even if they are running a fully patched system."

How is that IE's fault? It doesn't work without Google installed, ergo, it's on Google. IMO

Score: 0

|

google is just one big public instance.

"The vulnerability could extend beyond Google Desktop Search, however, to any service or application that relies on cross-domain security policies within Internet Explorer."

read the articles more carefully:

"the security hole involves a problem with the way IE imports cascading style sheets (CSS) from other Web sites, a technique referred to as cross site scripting (XSS). IE will import any type of file with a bracket, regardless of whether or not it's valid CSS."

Score: 0

|

Ok, I still see it as Google's problem; they are the ones that are using IE and they should fix their software to run as a standalone. Yes, MS should fix the "whole"* and the hole, but so should Google.

*EDIT: That was spelled like that for a reason.

Score: 0

|

????

"a problem with the way IE imports cascading style sheets"

This is a Google problem because they expect the Operating System's CSS engine to work properly?

God forbid...

Score: 0

|

LOL

I'd have to agree. Google is in no way at fault IMO.

Score: 0

|

Honestly they should use a core that's multiplatform compatible.

They use Linux all over the place, I'm really very surprised they haven't built any Linux application compatibility into their desktop apps.

Score: 0

|

That is partly my point. I just feel that companies should stop relying on IE all of the time. They should make their own core or just learn to write better. As I have said already MS should fix the bug, but Google should stop trying to steal others' employees and worry more about writing good code.

Score: 0

|

"but Google should stop trying to steal others' employees and worry more about writing good code."

Really, I just thought you were misinformed at first because you seem to be under the impression that Google Desktop uses IE in some way, which it doesn't. Google Desktop provides its own web serving engine that you can access with IE or FF or other browsers. The problem is that IE exposes the content in the Google Desktop "server", just as it would expose the content of other servers you could force it to load. Anyway, when I read this last comment it was just too weird. Google not writing good code and stealing employees.... seriously.. WTH.

Score: 0

|

You must be a shut-in. Really. Google has tried to take several employees from other companies for a while now. It's been all over the news. And yes, Google does NEED IE to be installed to work. Check it out.

Score: 0

|

Google is following the rather successful Microsoft model of business... beg, borrow and steal :) Can't blame them for emulating a VERY lucrative business model, no matter that the side effects of that model are substandard code...

If MS did it so can anyone else IMO

Score: 0

|

Believe me, I'm familiar with the history behind Google taking Microsoft employees; what I am misunderstanding here is exactly what that has to do with the security flaw in Internet Explorer. My response was to indicate how extremely off topic it is. And I do not see anywhere that Google has IE as a requirement.

6. What are the system requirements for running Google Desktop?

Google Desktop is currently available for Windows XP and Windows 2000 Service Pack 3 and above. To install it on an office machine, you should have administrator privileges (home users shouldn't have this problem). It requires 500MB of available space on your hard disk, and we recommend a minimum of 256MB of RAM and a 400MHz Pentium processor.

While I have not tried to install it without IE being installed, I don't see any reason that it would be required.

Score: 0

|

What a surprise IE not doing well.

Score: 0

|

LOL, don't use google desktop then :) No really--Nate, the statement "Internet Explorer is not having a good week." is your opinion on the matter. Why can't betanews be just that--NEWS? Put your opinions down here with the rest of us!

Score: 0

|

Well... I dunno.

Would anyone really look at this week and say IE IS having a good week?

Score: 0

|

Hear, hear. Nate - I can appreciate a little journalistic opinion, but you'd be better off reporting the news, and dropping an editorial separately.

Score: 0

|

Bah.

Nate: I'm not going to tell you how to do your job.

The articles are interesting.

The end.

Score: 0

|

Yeah--you're right. Just had a 'brain fart' moment and the idiot that I am I decided that was a great time to make a post on betanews (good thing I don't write the articles!)

Score: 0

|

Google is EVIL anyway... And the Google Desktop Search sucks anyway, Yahoo and Copernic are better.

Score: 0

|

How are they evil? List a few ways.

How is Yahoo's search better than Google's? Metacrawler searches tell me that Google is better. Do you have any evidence otherwise? Let's see it.

Score: 0

|

Well there aren't that many backend search technology providers, these search engine charts explain a lot:

I Help You Search engine partnership chart
http://www.ihelpyou.com/search-engine-chart.html

Bruce Clay Search engine relationship chart
http://www.bruceclay.com...nerelationshipchart.htm

I use both via Twingine (http://twingine.com/). If you really want a side-by-side comparison, check it out.

To see differences between Yahoo!, Google & MSN, it's http://yagoohoogle.jp/?l=e.

Last one that takes the three best results from Yahoo!, Google, Ask Jeeves, and MSN is http://jux2.com/

Score: 0

|

Funny, but the *only* security breach I've ever experienced, in 20+ years, was while using...FireFox!

Score: 0

|

Which one?

Score: 0

|

wow... you were using Firefox and IE 20+ years ago?

this is most likely because IE's vulnerabilities are well disguised, so you don't have to notice the evil hackers messing up your computer - they just steal your information, and leave you none the wiser.

Score: 0

|

Just for the sake of clarity, that is not a comment of zenarcher. Don't want any confusion there.:)

Score: 0

|

"wow... you were using Firefox and IE 20+ years ago?"

Umm...did you read his post? He said the only security vulnerability in 20+ years was from FF, he wasn't even saying necessarily that he used any web browser that long ago.

Score: 0

|
