Google has fixed their Desktop Search application so that it is no longer vulnerable to the data theft flaw discovered in Internet Explorer last week.  Even better, they've done this without having to update the code in the applications - all the changes have been done at their end.

Well done!  Microsoft have still to fix the problem in Internet Explorer.

What I don't like is yet another example of irresponsible reporting. 

"If Google has fixed its software so it is no longer vulnerable, then that is good news," said Sophos senior technology consultant Graham Cluley. But Cluley questioned whether Gillon's disclosure actually helped the situation by going public with a security flaw without working with Google and Microsoft first.

"Does the researcher think he has really contributed to the security of Internet users worldwide by going public with details of the problem when no fix is available?" he asked. "Or is this just a case of 'Look at me! Aren't I clever?'"

You won't get an argument from me!

Technorati Tags: Google, Desktop Search, Internet Explorer, Microsoft, Sophos

This entry was posted on Tuesday, December 6th, 2005 at 16:05 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.