> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Michael Holstein > Sent: Friday, February 10, 2006 11:37 AM > To: [email protected] > Subject: Re: [Full-disclosure] blocking Google Desktop > > > I would also venture to say that they should be publicizing > > information for corporations to be able to block this wholesale > > (google desktop and gmail chat), since we all know there > are financial > > institutions where people work, and think nothing of saving customer > > data onto laptops. > > Agreed. I'm actually working on testing it now, to figure out how to > write snort sigs to (detect) and/or (block) it -- assuming I > can't just > blackhole *desktop.google.com on DNS.
This may work. However it's easily subverted. I would imagine that it would become a chore to maintain the block-list. > > I might just block their ads as well (/pagead/iclk? in URLs) out of > spite for them doing this stupid trick with their desktop product. > > FWIW, we're sending out notices that this is NOT to be > installed on any > University-owned PC, violators get their machine re-imaged. > > Cheers, > > Michael Holstein CISSP GCIA > Cleveland State University Based on some very basic analysis, it looks like the Google Desktop Search (GDS) uses a custom User-Agent string. This can be detected in proxy and/or IDS logs/signatures. The string is: User-Agent: Mozilla/4.0 (compatible; Google Desktop) This should make it trivial to track systems with it installed. -- - Charlie 5A27 58D2 C791 8769 D4A4 F316 7BF8 D1F6 4829 EDCF In memoriam: http://www.militarycity.com/valor/1029976.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
