Google Code Search
p2pnet.net News:- Google is flooding the Net with products and there are now so many that it’s impossible to keep track of them all. But one of the most recent is the for-the-moment free code search engine the company says will help developers develop by allowing them to find actual lines of code.
But rather than being an aid to creators, will it in fact end up becoming a boon for hackers?
“The downside is that you could also use that kind of search to look for things that are vulnerable and then guess who might have used that code snippet and then just fire away at it,” PC World has Fortify Software spokesman Mike Armistead saying.
Hackers, “could also search code for vulnerabilities in password mechanisms, or to search for phrases within software such as ‘this file contains proprietary,’ possibly unearthing source code that should never have been posted to the Internet,” says the story, also quoting Computer Sciences’ Johnny Long as stating that Code Search is “another tool that makes it a tad easier for the attacker”.
However, “If Google Code Search can uncover passwords and credentials, then so can other, less well-known tools,” says ZDNet UK, adding:
“The right reaction isn’t to avert our gaze and instruct everyone else to do the same: it’s to highlight the flaws and spread the word so that people don’t leave sensitive information in public places. There is no security in obscurity, simply because there is no obscurity. Pretending otherwise is doing nobody any favours - and finding flaws is the first step to fixing them.”
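One way to act on that point before publishing code is to scan your own source tree for the kinds of strings the article says a code search can surface. This is an added example, not code from p2pnet, ZDNet or any tool named in the article; apart from the “this file contains proprietary” phrase, the rule patterns, file names and file contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Patterns are assumptions chosen for this example, not an exhaustive rule set.
RULES = {
    # Phrase quoted in the article as a marker of source never meant to be public.
    "proprietary-notice": re.compile(r"this file contains proprietary", re.I),
    # A quoted literal assigned to a password-like name.
    "hardcoded-credential": re.compile(
        r"""\b(pass(word|wd)?|secret|api_?key)\b\s*[:=]\s*["'][^"']{4,}["']""", re.I),
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def scan_tree(root):
    """Return (relative_path, line_no, rule) findings for every file under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), line_no, rule))
    return findings

def demo():
    """Build a small constructed tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db.py").write_text(
            '# This file contains proprietary code of Example Corp\n'
            'DB_USER = "app"\n'
            'password = "hunter2-constructed"\n')
        (root / "util.py").write_text(
            'import os\n'
            'password = os.environ["DB_PASSWORD"]  # read at runtime, not flagged\n')
        return scan_tree(root)

if __name__ == "__main__":
    for path, line_no, rule in demo():
        print(f"{path}:{line_no}: {rule}")
```

Run against a checkout before it is pushed to a public host; anything it reports should be removed from the tree and, for credentials, rotated.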
Meanwhile, Luke Metcalfe in Sydney, Australia, has a few interesting thoughts he expresses on his Bayesian Empire blog.
“This is something I’ve been waiting for for ages,” he declares.
Why? Acronym discovery!
This regex “\s+I\w+\s+P\w+\s+O\w+\s+D\w+” means find sequences of words that match I*, P* O* D*. We get from this:
# indexes pairs of digits
# invalid path or domain
# important property of DOM
\sL\w+\s+O\w+\s+V\w+\s+E\w+ searches for love and gets “lock on VLDB entry”
\sI\w+\s+B\w+\s+M\w+ finds i.b.m. and gets:
# is being moved
# image being manipulated
s.h.i.t.
# signal handler is trashed
# systems hide it there
r.s.s.
# random string sent
# related structures stored
# report some statistics
The possibilities are endless. heh
Also See:
PC World - New Google Tool Also Handy for Mischief, October 9, 2006
ZDNet UK - Code search is not the source of all evil, October 9, 2006