By Christopher Null

Why bother pounding at a website in search of obscure holes when you 
can simply waltz in through the front door?

Hackers have recently done just that, turning to Google to help
simplify the task of honing in on their targets.

"Google, properly leveraged, has more intrusion potential than any 
hacking tool," said hacker Adrian Lamo, who recently sounded the 
alarm.

The hacks are made possible by Web-enabled databases. Because 
database-management tools use canned templates to present data on the 
Web, typing specific phrases into Internet search tools often leads a 
user directly to those templated pages. For example, typing the 
phrase "Select a database to view" -- a common phrase in the 
FileMaker Pro database interface -- into Google recently yielded 
about 200 links, almost all of which led to FileMaker databases 
accessible online.

In a few cases, the databases contained sensitive information. One 
held the addresses, phone numbers and detailed biographies of several 
hundred teachers affiliated with Apple Computer. It also included 
each teacher's user name and password. The database was not protected 
by any form of security.

 ...

http://www.wired.com/news/infostructure/0,1377,57897,00.html