Google's source code search gives hackers a field day

D'Oh!

By Nick Farrell

Mon Oct 09 2006, 10:04

GOOGLE'S SOURCE code search engine has given hackers a leg-up, according to security experts at Fortify Software.

The new engine, which was released last week, is supposed to make life easier for developers by finding source code files on the world wide wibble.

But according to Network World, the security boffins at Fortify Software say that the new engine can be used to search for software bugs, password information and proprietary code that shouldn't have been posted to the Internet.

The engine looks at lines of code whenever it finds source-code files. Fortify Software's Mike Armistead said that it was a doddle to do a search to look for things that were vulnerable and then guess who might use that code snippet and then "just fire away" at it.

Crackers can use search code to find for vulnerabilities in password mechanisms, or to search for phrases within software such as "this file contains proprietary," possibly unearthing source code that should never have been posted to the Internet, he said.

More here. µ

Alleged Gene Simmons web site hacker is arrested Believed to be a member of Anonymous Wednesday, 14 December 2011, 11:45 AM Read more	Mozilla pressures CAs to audit their own security Adobe is also dropping Diginotar Friday, 9 September 2011, 12:18 PM Read more
Microsoft and Mozilla ban Dutch government root certificate PKIoverheid is no more Wednesday, 7 September 2011, 14:35 PM Read more	Vodafone denies femtocells are a security liability THC tells us it warned Vodafone about the flaw in 2009 Friday, 15 July 2011, 11:59 AM Read more
Linkedin SSL vulnerability leaves accounts open to hacking Cookie issues trip up the business networking web site Monday, 23 May 2011, 11:41 AM Read more	Google announces Oauth 2.0 support in APIs Follows Facebook's lead in open authentication Tuesday, 15 March 2011, 10:47 AM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

QA / Quality Assurance Tes

Job Title: QA / Quality Ass...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Google's source code search gives hackers a field day

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review