On Tue, Sep 30, 2008 at 10:55 PM, Eliah Kagan <[EMAIL PROTECTED]> wrote:
> I wrote:
>>> When a http indexing bot (like those used by Google, for instance)
>>> comes upon a hyperlink into a page that is http authenticated, does it
>>> follow the link and try a blank password, or does it not follow the
>>> link? Is there some accepted standard for that?
>>>
>>> If it is considered acceptable to assume that access is permitted to
>>> any system that doesn't have passwords set but present http
>>> authentication, it would be hard to argue that other forms of
>>> authentication are different. Of course, having gained access, making
>>> deliberate modifications, however slight, would be illegal.
>
> n3td3v wrote:
>> All you do is give Googlebot the password and hey presto! Read below:
>>
>> https://www.google.com/adsense/support/bin/answer.py?answer=37081
>
> Yes, but what I'm asking about is what happens if the Google bot (or
> other bots) are indexing and come upon a hyperlink, which otherwise
> would be followed, of the form:
>
> http://[EMAIL PROTECTED]
>
> Does it then try the null ("") password to authenticate, or does it
> stop there? Would it be considered computer fraud to try the null
> password in this situation?
>
> This is not necessarily a page of a Google AdSense customer. It could be
> anything.
>
> Isn't this what happened to make a whole bunch of Papa Johns'
> corporate emails public via the Google cache? (And nobody pressed
> criminal charges against Google developers...)
>
> -Eliah
>
Could the bad guys exploit this Adsense bot to do a bit of reconnaissance work if they had obtained passwords and given them to the bot? What kind of info does Adsense bot give back to the bad guys about password-protected pages it has been told to access?

I'm not talking about the McKinnon case right now, I just think I might have just opened a can of worms on a separate issue.

This bot could go in to places and break the law, while the bad guys break no law? This needs to be researched.

All the best,

n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
