lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <412AC9EE.80400@sfsu.edu>
Date: Mon, 23 Aug 2004 21:54:06 -0700
From: Alex Keller <alkeller@...u.edu>
To: bugtraq@...urityfocus.com
Subject: Re: New google's top query?


Re: New google's top query?

this "hack" (really a numrange search) was covered at DEFCON12 
(http://www.defcon.org/html/defcon-12/dc-12-index.html) and widely known 
before it was publicized by Johnny Long (http://johnny.ihackstuff.com/) 
during his talk at the conference (to his credit, he did NOT release the 
exact syntax BTW). following that search now will yield little sensitive 
info, as most of the affected sites have removed the pages that 
demonstrated this security breach. Google is well aware of the malicious 
activity that can be aided with their search engine....but they are in a 
bit of a predicament between notions of security and freedom; a common 
juxtaposition in politics, social order, and network security.

this forum at Johnny's site has plenty more search "hacks":
http://johnny.ihackstuff.com/index.php?module=prodreviews

for further investigation and vulnerability testing, check out 
Foundstone's SiteDigger: 
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm

Athena is another powerful Google digging tool that can expose search 
vulnerabilities; although i can't seem to find a working download site 
right now. you can grab the entire DEFCON12 iso (457MB) at:
http://130.212.20.4/admin/defcon/defcon12.iso
Athena can be found in the directory "Long".

happy Google hunting...oh yeah, don't be an idiot and use this info for 
evil.

-alex


other
Jérôme ATHIAS wrote:

> 
> Hi,
> 
> 
> 
> i don't remember to have seen this info here...
> 
> 
> 
> If information is knowledge and knowledge is power, then Google must be all powerful. I say this because of the thing you can find on Google if you know how to look for them. A new Google hack has come to my attention that brings back some information that is a bit troubling. I must say that it is also good for the more you know about something the better you are to act upon it. The hack is this:
> 
> 
> 
> http://www.google.com/search?q=visa+4356000000000000..4356999999999999
> 
> 
> 
> When this query is put into the Google search, an idea of the brut strength of Google becomes apparent. You can find things like this, which may worry you if you found your name on it.
> 
> 
> 
> I’m not really sure if Google knows what it can do, but they take an interesting stance toward their provision of data.
> 
> 
> 
> Regards,
> 
> Jérôme
> 
> 





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ