By Paul Roberts
October 05, 2006
No sooner had Google launched its Code Search feature than folks figured
out (surprise, surprise) that it's a pretty good tool for finding holes
in software, too, as this Securiteam blog entry shows.
Turns out that intrepid developers put some pretty good "tells" into
their code, especially in the form of artlessly named functions and
other "notes to self" planted in comments that were never meant to see
the light of day. Google has shown us sooo many times before how it can
lay bare that which was not meant to be seen. It's no different with
uncompiled source code. So developers -- clean up that code before the
Googlebot finds it first!
My favorite Google Code Search hack so far? "backdoor password"
(courtesy of Chris at Vulnwatch)
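One way to act on that advice before a source tree is published, as an added example that is not part of the original post: a small Python audit that flags "tell" phrases in comments and in function-like names. The phrase list, the `audit` helper and the sample C file are constructed for illustration; only "backdoor password" comes from the post.

```python
import re

# Assumed tell phrases: "backdoor" and "password" come from the post's example
# query, the rest are illustrative additions to tune per code base.
TELLS = re.compile(
    r"backdoor|passw(?:or)?d|hard-?coded|hack|kludge|fixme|do not ship|remove before",
    re.I)
# Comment styles covered: /* ... */, // ... and # ... (heuristic: string
# literals and preprocessor lines are not parsed specially).
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# Function-like names: any identifier directly followed by "(" (defs and calls).
FUNC = re.compile(r"\b(?:def\s+)?([A-Za-z_]\w*)\s*\(")

def audit(source: str):
    """Return sorted (line, kind, text) findings for one source file."""
    findings = []
    for m in COMMENT.finditer(source):
        if TELLS.search(m.group()):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, "comment", " ".join(m.group().split())))
    # Blank out comments but keep their newlines so line numbers stay valid.
    code = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), source)
    for m in FUNC.finditer(code):
        if TELLS.search(m.group(1)):
            line = code.count("\n", 0, m.start(1)) + 1
            findings.append((line, "identifier", m.group(1)))
    return sorted(findings)

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
#include <string.h>
/* FIXME: temporary backdoor password for
   support staff, remove before release */
static int check_backdoor_login(const char *pw) {
    return strcmp(pw, "placeholder") == 0;  // hardcoded for now
}
int main(void) { return check_backdoor_login("x"); }
'''

if __name__ == "__main__":
    for line, kind, text in audit(SAMPLE):
        print(f"line {line}: {kind}: {text}")
```

Run over a repository as a pre-publication or pre-commit check, every finding is something a public code search would surface just as easily.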