Full Disclosure mailing list archives
Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Tue, 30 Sep 2008 17:55:18 -0400
I wrote:
When a http indexing bot (like those used by Google, for instance) comes upon a hyperlink into a page that is http authenticated, does it follow the link and try a blank password, or does it not follow the link? Is there some accepted standard for that? If it is considered acceptable to assume that access is permitted to any system that doesn't have passwords set but present http authentication, it would be hard to argue that other forms of authentication are different. Of course, having gained access, making deliberate modifications, however slight, would be illegal.
n3td3v wrote:
All you do is give Googlebot the password and hey presto! Read below: https://www.google.com/adsense/support/bin/answer.py?answer=37081
Yes, but what I'm asking about is what happens if the Google bot (or other bots) are indexing and come upon a hyperlink, which otherwise would be followed, of the form: http://someone@[subdomains.]somewhere.tld Does it then try the null ("") password to authenticate, or does it stop there? Would it be considered computer fraud to try the null password in this situation? This is not necessary a page of a Google AdSense customer. It could be anything. Isn't think what happened to make a whole bunch of Papa Johns' corporate emails public via the Google cache? (And nobody pressed criminal charges against Google developers...) -Eliah _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US, (continued)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Miller Grey (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Message not available
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Exibar (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Chris Jeane (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US offbitz (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Michael Krymson (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Eliah Kagan (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Valdis . Kletnieks (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Miller Grey (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US n3td3v (Sep 30)
- Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US Miller Grey (Sep 30)