http://weblog.infoworld.com/techwatch/archives/008244.html

By Paul Roberts
October 05, 2006

No sooner had Google launched its Code Search feature than folks figured out (surprise, surprise) that it's a pretty good tool for finding holes in software, too, as this Securiteam blog entry shows.

Turns out that intrepid developers put some pretty good "tells" into their code, especially in the form of artlessly named functions and other "notes to self" planted in comments that were never meant to see the light of day. Google has shown us sooo many times before how it can lay bare that which was not meant to be seen. It's no different with uncompiled source code.

So developers -- clean up that code before the Googlebot finds it first!

My favorite Google Code Search hack so far? "backdoor password" (courtesy of Chris at Vulnwatch)
This archive was generated by hypermail 2.1.3 : Thu Oct 05 2006 - 23:52:30 PDT