[ISN] Search Engines Can Expose Open Source Holes

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://www.eweekeurope.co.uk/comment/search-engines-could-be-a-hackers-doorway-for-unwary-coders-45712

By Eric Doyle
eWEEK Europe
November 14, 2011

Tools such as Google Code Search can provide hackers with a wealth of 
information hidden in open source code, writes Eric Doyle

The downside of open source is its very openness. Hackers are using Open 
Source Intelligence (OSint) to find personal information and even 
passwords and usernames to plan their exploits.

Organisations like Anonymous and LulzSec have been using Google Code 
Search - a public beta in which Google let users search for open source 
code on the Internet - according to Stach & Lui, a penetration testing 
firm.  In Code Search, they can unearth information to assist them in 
their exploits, for instance finding passwords for cloud services which 
have been embedded in code, or configuration data for virtual private 
networks, or just vulnerabilities that lay the system open to other 
hacking ploys, such as SQL injection.


Google Hacking

The Google service is due to be switched off next year as part of the 
companyâs rationalisation of its research efforts with the closure of 
Google Labs but that does not mean that exposed code on the Internet 
will be safer. There are several sites which provide similar services.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn