[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Search Engines Can Expose Open Source Holes
By Eric Doyle
November 14, 2011
Tools such as Google Code Search can provide hackers with a wealth of
information hidden in open source code, writes Eric Doyle
The downside of open source is its very openness. Hackers are using Open
Source Intelligence (OSint) to find personal information and even
passwords and usernames to plan their exploits.
Organisations like Anonymous and LulzSec have been using Google Code
Search - a public beta in which Google let users search for open source
code on the Internet - according to Stach & Lui, a penetration testing
firm. In Code Search, they can unearth information to assist them in
their exploits, for instance finding passwords for cloud services which
have been embedded in code, or configuration data for virtual private
networks, or just vulnerabilities that lay the system open to other
hacking ploys, such as SQL injection.
The Google service is due to be switched off next year as part of the
companyâs rationalisation of its research efforts with the closure of
Google Labs but that does not mean that exposed code on the Internet
will be safer. There are several sites which provide similar services.
Subscribe to InfoSec News - www.infosecnews.org