| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Nov 21 10:19:23 2005 From: ppetkov at gnucitizen.org (Petko Petkov) Subject: Re: Google Base Hi Alexander, You are right! Free hosting, free email, tag based systems exist for quite a while and they can be used for the exact same purposes that I mentioned in my original post. Common, everybody knows how to configure DNS to serve hashes (sort of distributed rainbow tables crack). However, google base it a bit different. First of all Google has enormous storage facilities. You need around 85g for a decent rainbow table. I don't think that I you can find that for free. Yes, maybe, Google Base is not that well suited for this kind of stuff but, still. Unfortunately, malware can spread by using google base as well, and it will be far better than using email (email accounts can be blocked). If someone find another vulnerability in JPG and GIF, how much time it is going to take in order to create sort of mass infection. What about XSS attacks. I am not sure if the GIF HEADERS bug is present in Google Base (I have to check for this), however at some point you may find that certain browsers respond to media content differently. Google Base allows you to upload content almost anonymously :); and because it is free everyone can use it for their own purpose (and respectively abuse it for their own purpose). Google Base content is reused by other google applications (google maps, local, etc), which means that a bug in google base will result in bugs in almost everything else that google has. As you can see; with the great power comes the great responsibility. Google affect us all in direct or indirect way. I have nothing against google. I hope that this contributes in a positive way to the current discussion. :) Cheers, Petko Alexander Klimov wrote: >On Fri, 18 Nov 2005, Petko Petkov wrote: > > >>I was playing around with goggle base and I must say I am quite >>impressed and in the same time scared to death. Goggle base is the most >>amazing thing I have seen for a while and it can be used for many >>different things. >> >> > >What exactly is so special about it? > >Free web hosting is available for many years and can be used to share >content with the world. Free unlimited web email is also available for >quite some time and can be used to store (encrypted) information for >internal use. There are a lot of free spots for forums and blogs in >internet. Keywording (tagging) URLs is not new either (see, e.g., ><http://del.icio.us/>). > > > >>Now here is a list that I built for you how to use goggle base for >>your own good: >> >>* Brute forcer - massive storage for mare mortals. >>* Keep your exploits >>* Keep your code fragments >>* Keep your advisories and security notes >>* Log there :) >>* Write a book (Goggle Book) :) >>* You can write even a Game Book. >>* Write a game and store its data on goggle base >>* Use it to hold your secret hacker tools (with encryption) :) just joking >>* Make a goggle base forum >>* Make a security list >> >> > >What of this was impossible without google base? > > >
Powered by blists - more mailing lists