[unisog] Google Desktop (cNET inquiry)

gentuxx gentuxx at gmail.com
Tue Feb 14 23:45:48 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Saqib Ali wrote:

>>I'll play devil's advocate for a minute and say that this
>>doesn't seem to be too different than GoToMyPC.
>
>
>GoToMyPC doesn't send my confidential files to their servers for
>"anywhere access"
>
>>Hotmail, p2p, IM ???
>
>
>I agree with you. I see Google Desktop as just another product.
>Nothing evil about it. I think most people are are trying to find a
>technological way of stopping their faculty/students from using Google
>Desktop. Where simple User Awareness and Training will suffice.
>
>Many technical vulnerabilities are best countered with simple
>awareness training. The fact that confidential information got leaked
>due to Google Desktop, shows a lack of awareness training.
>
>Awareness / Training should NOT comprise of threats (i.e. re-imaging
>of computers, disciplinary action, firing). In fact this is very
>counterproductive, and do nothing to educate.
>
>The User Awareness / Training sessions should explain why a certain
>action might cause a leak of confidential information.
>
>People on some other mailing list have suggested, re-imaging a desktop
>where Google Desktop desktop is detected as a countermeasure. I think
>this will be most counterproductive, and users will find a way to
>avoid detection.
>--
>Saqib Ali, CISSP
>http://www.xml-dev.com/blog/
>"I fear, if I rebel against my Lord, the retribution of an Awful Day
>(The Day of Resurrection)" Al-Quran 6:15
>
>_______________________________________________
>unisog mailing list
>unisog at lists.sans.org
>http://www.dshield.org/mailman/listinfo/unisog
>
I think this answer is incomplete.  User education/awareness is
important, but is easily disregarded.  If use of the software is
prohibited by your organization's policies, there should be a
technical solution to enforce those policies.  End user awareness is
just one part of defense-in-depth.

- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD8musLYGSSmmWCZMRApjaAKC3j/9S0+LcSBuT2VFbOhoXAGiqCACgvfwG
YwU6m5zBvNWhFCxEZkRt0hE=
=0aj+
-----END PGP SIGNATURE-----



More information about the unisog mailing list