Information Security News mailing list archives
Search Engines Can Expose Open Source Holes
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 16 Nov 2011 03:20:57 -0600 (CST)
http://www.eweekeurope.co.uk/comment/search-engines-could-be-a-hackers-doorway-for-unwary-coders-45712 By Eric Doyle eWEEK Europe November 14, 2011Tools such as Google Code Search can provide hackers with a wealth of information hidden in open source code, writes Eric Doyle
The downside of open source is its very openness. Hackers are using Open Source Intelligence (OSint) to find personal information and even passwords and usernames to plan their exploits.
Organisations like Anonymous and LulzSec have been using Google Code Search - a public beta in which Google let users search for open source code on the Internet - according to Stach & Lui, a penetration testing firm. In Code Search, they can unearth information to assist them in their exploits, for instance finding passwords for cloud services which have been embedded in code, or configuration data for virtual private networks, or just vulnerabilities that lay the system open to other hacking ploys, such as SQL injection.
Google HackingThe Google service is due to be switched off next year as part of the company’s rationalisation of its research efforts with the closure of Google Labs but that does not mean that exposed code on the Internet will be safer. There are several sites which provide similar services.
[...]
_____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isn
Current thread:
- Search Engines Can Expose Open Source Holes InfoSec News (Nov 16)