Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US

["Eliah Kagan" <degeneracypressure () gmail com>]

I wrote:
> > When a http indexing bot (like those used by Google, for instance)
> > comes upon a hyperlink into a page that is http authenticated, does it
> > follow the link and try a blank password, or does it not follow the
> > link? Is there some accepted standard for that?
> >
> > If it is considered acceptable to assume that access is permitted to
> > any system that doesn't have passwords set but present http
> > authentication, it would be hard to argue that other forms of
> > authentication are different. Of course, having gained access, making
> > deliberate modifications, however slight, would be illegal.

n3td3v wrote:
> All you do is give Googlebot the password and hey presto! Read below:
>
> https://www.google.com/adsense/support/bin/answer.py?answer=37081

Yes, but what I'm asking about is what happens if the Google bot (or
other bots) are indexing and come upon a hyperlink, which otherwise
would be followed, of the form:

http://someone@[subdomains.]somewhere.tld

Does it then try the null ("") password to authenticate, or does it
stop there? Would it be considered computer fraud to try the null
password in this situation?

This is not necessary a page of a Google AdSense customer. It could be anything.

Isn't think what happened to make a whole bunch of Papa Johns'
corporate emails public via the Google cache? (And nobody pressed
criminal charges against Google developers...)

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/