Hackers find use for Google Code Search.
By Robert McMillan.
Google has inadvertently given online attackers a new tool.
The company's new source-code search engine, unveiled Thursday as a tool
to help simplify life for developers, can also be misused to search for
software bugs, password information and even proprietary code that
shouldn't have been posted to the Internet, security experts said Friday.
Unlike Google's main Web search engine, Google Code Search peeks into
the lines of code whenever it finds source-code files on the Internet.
This will make it easier for developers to search source code directly
and dig up open source tools they may not have known about, but it has a
drawback.
"The downside is that you could also use that kind of search to look for
things that are vulnerable and then guess who might have used that code
snippet and then just fire away at it," says Mike Armistead, vice
president of products with source-code analysis provider Fortify Software.
Attackers could also search code for vulnerabilities in password
mechanisms, or search for phrases within software such as "this file
contains proprietary," possibly unearthing source code that should never
have been posted to the Internet.
more...
http://linkme2.net/a6
_______________________________________________
NetBehaviour mailing list
http://www.netbehaviour.org/mailman/listinfo/netbehaviour