Google Blogoscoped

Forum

GDS Beta 3 - Snort Sigs

/pd [PersonRank 10]

Tuesday, February 28, 2006
18 years ago

full disclosure...

unique user-agent = >User-Agent: Mozilla/4.0 (compatible; Google Desktop)

/pd [PersonRank 10]

18 years ago #

Oops, I hit submit by mistake.. here's the rest of the sigs

# ':' and ';' inside content are written as hex (|3A|, |3B|); an unescaped ';' would end the content option early
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg: "BLEEDING-EDGE Google Desktop User-Agent Detected"; flow: to_server,established; content:"User-Agent|3A| Mozilla/4.0 (compatible|3B| Google Desktop)"; nocase; classtype: policy-violation; sid: 3000001; rev:1;)

and then it goes over ssl

# first content is the ASCII bytes "060607221254Z0h1", second is "www.google.com"
alert tcp $EXTERNAL_NET 443 -> $HOME_NET 1024:65535 (msg: "BLEEDING-EDGE Google SSL key exchange"; flow: from_server,established; content:"|30 36 30 36 30 37 32 32 31 32 35 34 5A 30 68 31|"; rawbytes; content:"|77 77 77 2E 67 6F 6F 67 6C 65 2E 63 6F 6D|"; rawbytes; classtype:policy-violation; sid: 3000002; rev:1;)

Philipp Lenssen [PersonRank 10]

18 years ago #

Can you explain?

/pd [PersonRank 10]

18 years ago #

These are the Snort sigs that are in occurrence when Google Desktop Service 3 is running. Right now, as the service is from a Desktop, the firewall permits the datagram to go thru as outbound traffic. And the data is cached on a Google server so that you can do the 'remote' search or "access your documents from anywhere".

Thus all documents and what can be cached for 1 month on the Google servers (yes they say only one month) -- but who knows how valuable the info assets are!!

Thus there are Privacy and security risk issues with GDS/B3. Initial footprint to negate is outlined above.

I have been tracking the efforts of the Cleveland State uni on this issue :)-
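Added example, not part of any post in this thread: a small Python matcher that decodes the content options of the two signatures above and applies them to constructed payloads. It shows that the second signature keys on the ASCII bytes "060607221254Z0h1" (text shaped like a certificate timestamp) plus "www.google.com", so a server payload carrying a different timestamp no longer matches. The function names and all sample payloads are this example's own.

```python
def decode_content(pattern: str) -> bytes:
    """Turn a Snort content string (literal text with |hex| runs) into bytes."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:                      # odd segments sit between pipes: hex bytes
            out += bytes.fromhex(part)
        else:                          # even segments are literal text
            out += part.encode("latin-1")
    return bytes(out)

def matches(payload: bytes, contents, nocase: bool = False) -> bool:
    """True when every content pattern occurs somewhere in the payload."""
    haystack = payload.lower() if nocase else payload
    for pattern in contents:
        needle = decode_content(pattern)
        if nocase:
            needle = needle.lower()
        if needle not in haystack:
            return False
    return True

# Content options of the two signatures in the thread (sid 3000001 uses nocase).
SIG_UA = ["User-Agent|3A| Mozilla/4.0 (compatible|3B| Google Desktop)"]
SIG_SSL = ["|30 36 30 36 30 37 32 32 31 32 35 34 5A 30 68 31|",
           "|77 77 77 2E 67 6F 6F 67 6C 65 2E 63 6F 6D|"]

# Constructed sample payloads (not captured traffic).
HTTP_GDS = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
            b"user-agent: mozilla/4.0 (compatible; google desktop)\r\n\r\n")
HTTP_BROWSER = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n")
SERVER_SAME_CERT = b"\x16\x03\x00..060607221254Z0h1..www.google.com.."
SERVER_OTHER_CERT = b"\x16\x03\x00..070607221254Z0h1..www.google.com.."

def report():
    """Evaluate both signatures against the constructed samples."""
    return {
        "ssl_patterns": [decode_content(p) for p in SIG_SSL],
        "gds_request": matches(HTTP_GDS, SIG_UA, nocase=True),
        "browser_request": matches(HTTP_BROWSER, SIG_UA, nocase=True),
        "same_cert": matches(SERVER_SAME_CERT, SIG_SSL),
        "other_cert": matches(SERVER_OTHER_CERT, SIG_SSL),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Because the first SSL pattern is a fixed byte string, that signature needs re-deriving whenever the bytes it was taken from change on the server side; the User-Agent signature has no such dependency.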
