Vulnerability Development mailing list archives
Re: Google lists vulnerable sites.
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Fri, 5 Jul 2002 22:28:11 -0600
Let me first say that I do now know if this issue has been brought to light before or in what detail it might have been discussed. On to the show...
It's been brought to light, though not much publicly (like many things).
The problem I have found is that google may be archiving too much information on sites. By carefully crafting search strings you can
It gets much worse. We alerted customers to: http://www.codito.de/prog/mass-scan.gz. on June 13, it's been out a while, and I'm betting it's not the only one. The best though is google's cached data, you don't even have to visit the website half the time to view the sensitive information. It's a great way for avoiding paysites (well.. avoiding paying for the content on the paysites that is ;). Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.iDefense.com/
Current thread:
- Re: Google lists vulnerable sites., (continued)
- Re: Google lists vulnerable sites. Benjamin Krueger (Jul 05)
- Re: Google lists vulnerable sites. sirexar (Jul 06)
- Re: Google lists vulnerable sites. De Velopment (Jul 06)
- Re: Google lists vulnerable sites. Jose Nazario (Jul 06)
- RE: Google lists vulnerable sites. Bryan Allerdice (Jul 06)
- Re: Google lists vulnerable sites. Luis Bruno (Jul 07)
- Re: Google lists vulnerable sites. sirexar (Jul 06)
- Re: Google lists vulnerable sites. Benjamin Krueger (Jul 05)
- Re: Google lists vulnerable sites. Charles 'core' Stevenson (Jul 06)
- Re: Google lists vulnerable sites. Octavio / Super (Jul 06)
- Re: Google lists vulnerable sites. Ron DuFresne (Jul 07)