The Inquirer-Home

Google's source code search gives hackers a field day

D'Oh!
Mon Oct 09 2006, 10:04
GOOGLE'S SOURCE code search engine has given hackers a leg-up, according to security experts at Fortify Software.

The new engine, which was released last week, is supposed to make life easier for developers by finding source code files on the world wide wibble.

But according to Network World, the security boffins at Fortify Software say that the new engine can be used to search for software bugs, password information and proprietary code that shouldn't have been posted to the Internet.

The engine looks at lines of code whenever it finds source-code files. Fortify Software's Mike Armistead said that it was a doddle to do a search to look for things that were vulnerable and then guess who might use that code snippet and then "just fire away" at it.

Crackers can use search code to find for vulnerabilities in password mechanisms, or to search for phrases within software such as "this file contains proprietary," possibly unearthing source code that should never have been posted to the Internet, he said.

More here. µ

Share this:

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

aboutus
Advertisement
Subscribe to INQ newsletters
Advertisement
INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?