AOH :: ISN-3106.HTM

Code Search joins hackers' toolbelt




Code Search joins hackers' toolbelt
Code Search joins hackers' toolbelt



http://weblog.infoworld.com/techwatch/archives/008244.html 

By Paul Roberts
October 05, 2006

No sooner had Google launched its Code Search feature than folks figured 
out (surprise, surprise) that it's a pretty good tool for finding holes 
in software, too, as this Securiteam blog entry shows.

Turns out that intrepid developers put some pretty good "tells" into 
their code, especially in the form of artlessly named functions and 
other "notes to self" planted in comments that were never meant to see 
the light of day. Google has shown us sooo many times before how it can 
lay bare that which was not meant to be seen. It's no different with 
uncompiled source code. So developers -- clean up that code before the 
Googlebot finds it first!

My favorite Google Code Search hack so far? "backdoor password" 
(courtesy of Chris at Vulnwatch)


_________________________________
Donate online for the Ron Santo Walk to Cure Diabetes!
http://www.c4i.org/ethan.html 

Site design & layout copyright © 1986-2014 CodeGods