The recent release of Google's Desktop Search has raised concerns that remote users connecting with their systems via an SSL VPN could be leaving themselves open to data theft.
Despite features in many SSL VPNs that claim to clean out cache memory at the end of a session, it seems that a whole new generation of indexing applications, such as Google's Desktop Search, records information that can be read even when cache-cleaner technology is being used.
"The problem is companies are under the impression nothing has been left behind," said Daniel Steiner, chief executive of SSL VPN vendor Whale. "There is a lot of potentially harmful information that can be recorded by this flaw."
Traditionally cache-cleaning software removes any temporary files created during SSL VPN sessions. But with Desktop Search, with its inbuilt caching, users will find that their software has been bypassed.
Google Desktop search is one of at least a dozen such search engines that using caching technology.