Re: Google lists vulnerable sites.

From: Kurt Seifried (bugtraqat_private)
Date: Fri Jul 05 2002 - 21:28:11 PDT

Next message: George W. Capehart: "Re: Ports 0-1023?"

Previous message: Bryan Allerdice: "RE: Google lists vulnerable sites."
In reply to: silencedscreamat_private: "Google lists vulnerable sites."
Next in thread: Charles 'core' Stevenson: "Re: Google lists vulnerable sites."
Reply: Charles 'core' Stevenson: "Re: Google lists vulnerable sites."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Let me first say that I do now know if this issue has been brought to
> light before or in what detail it might have been discussed.  On to the
> show...

It's been brought to light, though not much publicly (like many things).

> The problem I have found is that google may be archiving too much
> information on sites.  By carefully crafting search strings you can

It gets much worse. We alerted customers to:

http://www.codito.de/prog/mass-scan.gz.

on June 13, it's been out a while, and I'm betting it's not the only one.

The best though is google's cached data, you don't even have to visit the
website half the time to view the sensitive information. It's a great way
for avoiding paysites (well.. avoiding paying for the content on the
paysites that is ;).

Kurt Seifried, kurtat_private
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/

Next message: George W. Capehart: "Re: Ports 0-1023?"
Previous message: Bryan Allerdice: "RE: Google lists vulnerable sites."
In reply to: silencedscreamat_private: "Google lists vulnerable sites."
Next in thread: Charles 'core' Stevenson: "Re: Google lists vulnerable sites."
Reply: Charles 'core' Stevenson: "Re: Google lists vulnerable sites."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 05 2002 - 22:54:38 PDT