[unisog] Google Desktop (cNET inquiry)
gentuxx at gmail.com
Tue Feb 14 23:45:48 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Saqib Ali wrote:
>>I'll play devil's advocate for a minute and say that this
>>doesn't seem to be too different than GoToMyPC.
>GoToMyPC doesn't send my confidential files to their servers for
>>Hotmail, p2p, IM ???
>I agree with you. I see Google Desktop as just another product.
>Nothing evil about it. I think most people are are trying to find a
>technological way of stopping their faculty/students from using Google
>Desktop. Where simple User Awareness and Training will suffice.
>Many technical vulnerabilities are best countered with simple
>awareness training. The fact that confidential information got leaked
>due to Google Desktop, shows a lack of awareness training.
>Awareness / Training should NOT comprise of threats (i.e. re-imaging
>of computers, disciplinary action, firing). In fact this is very
>counterproductive, and do nothing to educate.
>The User Awareness / Training sessions should explain why a certain
>action might cause a leak of confidential information.
>People on some other mailing list have suggested, re-imaging a desktop
>where Google Desktop desktop is detected as a countermeasure. I think
>this will be most counterproductive, and users will find a way to
>Saqib Ali, CISSP
>"I fear, if I rebel against my Lord, the retribution of an Awful Day
>(The Day of Resurrection)" Al-Quran 6:15
>unisog mailing list
>unisog at lists.sans.org
I think this answer is incomplete. User education/awareness is
important, but is easily disregarded. If use of the software is
prohibited by your organization's policies, there should be a
technical solution to enforce those policies. End user awareness is
just one part of defense-in-depth.
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the unisog