by Cathleen Moore

Google mends security flaw in Desktop Search

Dec 20, 2004

A handful of researchers at Rice University uncovered a security flaw in Google’s Desktop Search offering that could allow attackers to view small portions of personal search results.

The researchers reported the glitch to Google last month, and Google has since fixed the problem with an update that is being distributed through an auto-update feature, according to Google officials.

According to an IDG News Service report, the flaw was discovered by Rice computer science professor Dan Wallach and two graduate students, and was posted on the university’s Computer Security Lab Web site late Sunday. The researchers described the flaw as “serious” and said it could allow an attacker to read the snippets of files that the Desktop Search offering embeds in Google’s normal Web searches.

Google issued the following statement in response to the flaw discovery:

“We were made aware of this vulnerability with the Google Desktop Search software and have since fixed the problem so that all current and future users are secure.”

The Google spokesperson also noted that the team of researchers at Rice worked with Google to report and help fix the problem.

The Rice researchers said users can check if they have the updated version by selecting the “about” icon in their Google Desktop Search task bar. If it says version number 121004, indicating Dec. 10, 2004, or later, they are safe, the researchers said.

A description of the research and the flaw was included in the Rice report posted on the Web:

In our research, we searched for a vulnerability that would release private local data to an unauthorized remote entity. Our focus was on the small snippets of local data that the integration feature handled. We realized that this feature was combining local private data with remote public data in an inherently unsafe environment. We present two different attacks that exploit this vulnerability.

Although Google Desktop Search is a beta product and is not specifically designed for enterprise use, many corporate users have jumped at the promise of easily searching PC files, e-mail messages, and chat logs.

Forrester Research warned against potential privacy issues that could result if sensitive corporate content is indexed by the desktop search tool.

Another research firm, Meta Group, cautions enterprises to institute formal policies about the use of desktop search products.

“Organizations must develop policies to guide end-users concerning the installation of personal search tools offered by commercial search companies…” according to a report by Timothy Hickernell, Vice President of Technology Research Services at Meta Group.

Google officials have indicated that the company is currently developing an enterprise version of its desktop search tool that will give greater control to IT administrators, by letting IT designate what content is allowed to be indexed by Google Desktop Search. A release date has not been announced. The enterprise Desktop Search offering also will integrate with the Google Search Appliance. Features will include password protection and support for multiple instances of desktop search on one system, according to Google.