Yeah, some people say "big deal, other browsers do that" but I don't think they understand. Last time I checked, other browsers only index your history as links the urls you have visited, so yes if there are account numbers, etc in the links then you will find them, but the idea I got from the article is that Chrome is indexing the text of the actual web page.
It figures that Google would do that, because like others have said, it's what they're known for, but it's still a little scary, even if you can "turn it off". ________________________________ From: David Lum [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2008 8:34 AM To: NT System Admin Issues Subject: RE: OMG!! Chrome (Google's browser) indexes HTTPS pages - even online banking details Following the link, the comments below the article are are worth reading. David Lum SYSTEMS ENGINEER // NORTHWEST EVALUATION ASSOCIATION [EMAIL PROTECTED] // 971.222.1025 From: Rod Trent [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2008 6:07 AM To: NT System Admin Issues Subject: FW: OMG!! Chrome (Google's browser) indexes HTTPS pages - even online banking details Hmmm... Feed: MSMVPS.COM Posted on: Friday, September 05, 2008 4:47 AM Author: Brian Madsen Subject: OMG!! Chrome (Google's browser) indexes HTTPS pages - even online banking details This would seriously have been one of the biggest mistakes known to man if it wasn't for the fact that people actually downloaded it! Chrome, which is Google's new answer to the web browsing war, has revealed a serious flaw in it's search and indexing. Nevermind the fact that Chrome is meant to keep processes in a single tab, rather than spreading it out as a single instance/process, but obviously something wrong has happened when the guys at Google didn't even bother to check against something this simple before throwing it out to the public. I for one (even with my MSFT hat on) is going to steer as far away from Chrome as is humanly possible. "Thinking like a hacker, my first plan of attack was to enumerate or list the financial services. After enumeration, I could drill down into the exact accounts and transactions. By simply typing in Visa, Mastercard, account and the names of popular banks you can find the types of accounts and which institution they belong to. In my case, Capital and Washington worked just fine. To get my account balance, I just typed in "balance" and to get transaction information I entered "transaction". Typing in "costco" pulled up how much I spent on my last trip." I wonder how long it'll take for hackers, malware, spyware and virus writers up there to hook into some of these nifty little inbuilt features. Well done Google for thinking on such an advanced level - you're simply so far ahead of the competition that it blows my mind. Honestly, you've even managed to get extremely far ahead of the malicious people out there that you've provided them with such an excellent tool. To read the full story (AFTER you've uninstalled Chrome that is), go here: TG Daily - Chrome is a security nightmare, indexes your bank accounts <http://www.tgdaily.com/content/view/39176/108/> Technorati Tags: Chrome <http://technorati.com/tags/Chrome> ,Google <http://technorati.com/tags/Google> ,TG Daily <http://technorati.com/tags/TG%20Daily> <http://msmvps.com/aggbug.aspx?PostID=1646859> View article... <http://msmvps.com/blogs/brianmadsen/archive/2008/09/05/omg-chrome-googl e-s-browser-indexes-https-pages-even-online-banking-details.aspx> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
