Google security vulnerability?

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Joseph Lorenzo Hall <jhall () astron berkeley edu>
Date: Fri, 11 Apr 2003 17:19:08 -0700 (PDT)
To: Dave Farber <dave () farber net>
Subject: Google security vulnerability?


[If posted to IP, someone please tell me I'm crazy and that the
implications of this aren't pretty big. -joe]

Dave, I Thought you might be interested in this...

Incidentally, I was just installing ethereal (a network tool) on my
Mac and may have found an interesting security flaw in Google
(although it's not a terribly useful one).  Check this out (I'll have
to demonstrate by example):

1) Go to Google and search for "sudo ethereal"

2) The third entry should be entitled, "II. Lab Experiments" that is
linked to http://www.comp.nus.edu.sg/~cs3103/labs/lab1.pdf

3) If you click on this link it prompts you for a password... aw
shucks, it looked neat.

4) "But wait", you ask, "How did Google get the title if it's behind a
password authentication?" Well, look closely at the search result.

5) Go back to the results page and click on the "View as HTML" link
for the same URL (that was password protected).

6) Poof! You should see a crappy translation of a PDF into HTML...
but much of the document is still there!!!

I haven't heard anyone talk about this... I don't think it's in that
new "Google Hacks" book by O'Rielly, either.

hope that was interesting,
Joe

------------------------------------------------------------------
Joseph Lorenzo Hall                     jhall () astro berkeley edu



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/