Google's source code search gives hackers a field day

GOOGLE'S SOURCE code search engine has given hackers a leg-up, according to security experts at Fortify Software.

The new engine, which was released last week, is supposed to make life easier for developers by finding source code files on the world wide wibble.

But according to Network World, the security boffins at Fortify Software say that the new engine can be used to search for software bugs, password information and proprietary code that shouldn't have been posted to the Internet.

The engine looks at lines of code whenever it finds source-code files. Fortify Software's Mike Armistead said that it was a doddle to do a search to look for things that were vulnerable and then guess who might use that code snippet and then "just fire away" at it.

Crackers can use search code to find for vulnerabilities in password mechanisms, or to search for phrases within software such as "this file contains proprietary," possibly unearthing source code that should never have been posted to the Internet, he said.

More here. µ