Comments on: GDS & Medical Information http://www.brendonwilson.com/blog/2004/11/24/gds-medical-information/ The personal web site of Brendon J. Wilson, a software developer, technologist, and entrepreneur living in Vancouver, British Columbia, Canada. Mon, 06 Sep 2010 10:19:44 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Brendon J. Wilson http://www.brendonwilson.com/blog/2004/11/24/gds-medical-information/comment-page-1/#comment-285 Brendon J. Wilson Wed, 30 Nov -0001 00:00:00 +0000 http://www.brendonwilson.com/blog/?p=204#comment-285 Of course, this kind of vulnerability applies equally to any of the other desktop search tools. One has to wonder: will the <a href="http://www.apple.com/macosx/tiger/spotlight.html">Spotlight feature</a> in Tiger (the next version of the Mac OS X) similarly risk exposing user's sensitive data? And do users recognize that GDS even poses a risk to data secured by hard disk encryption solutions? After all, as long as the data is accessible at some point (such as when the encrypted volume is mounted by the user), GDS will probably attempt to index it and, in doing so, risk leaking data outside the confines of the encrypted volume. Of course, this kind of vulnerability applies equally to any of the other desktop search tools. One has to wonder: will the Spotlight feature in Tiger (the next version of the Mac OS X) similarly risk exposing user’s sensitive data?

And do users recognize that GDS even poses a risk to data secured by hard disk encryption solutions? After all, as long as the data is accessible at some point (such as when the encrypted volume is mounted by the user), GDS will probably attempt to index it and, in doing so, risk leaking data outside the confines of the encrypted volume.

]]> By: Evan Wise http://www.brendonwilson.com/blog/2004/11/24/gds-medical-information/comment-page-1/#comment-286 Evan Wise Wed, 30 Nov -0001 00:00:00 +0000 http://www.brendonwilson.com/blog/?p=204#comment-286 One more thing to note about the Spotlight Store: There is one content index and one meta-data store per file system. This keeps the content indexes and meta-data stores with the files they belong to—crucial when using external FireWire drives that travel from Mac to Mac. from: http://developer.apple.com/macosx/tiger/spotlight.html So it would appear that the GDS bug may hit again... One more thing to note about the Spotlight Store: There is one content index and one meta-data store per file system. This keeps the content indexes and meta-data stores with the files they belong to—crucial when using external FireWire drives that travel from Mac to Mac.

from: http://developer.apple.com/macosx/tiger/spotlight.html

So it would appear that the GDS bug may hit again…

]]> By: Brendon J. Wilson http://www.brendonwilson.com/blog/2004/11/24/gds-medical-information/comment-page-1/#comment-287 Brendon J. Wilson Wed, 30 Nov -0001 00:00:00 +0000 http://www.brendonwilson.com/blog/?p=204#comment-287 Well, actually, it would appear that the Spotlight design team was smart enough to avoid the problem entirely. Storing the index with the volume to which it relates guards against sensitive data residing on an encrypted volume from being exposed when the volume is not mounted. However, I'm unclear on whether or not GDS has made the same design choice. Would require additional research. Well, actually, it would appear that the Spotlight design team was smart enough to avoid the problem entirely. Storing the index with the volume to which it relates guards against sensitive data residing on an encrypted volume from being exposed when the volume is not mounted.

However, I’m unclear on whether or not GDS has made the same design choice. Would require additional research.

]]>