lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0601190028380.25052-100000@bugsbunny.castlecops.com>
Date: Thu, 19 Jan 2006 00:29:38 -0500 (EST)
From: Paul Laudanski <zx@...tlecops.com>
To: Lance James <bugtraq@...urescience.net>
Cc: bugtraq@...urityfocus.com, <webappsec@...urityfocus.com>
Subject: Re: [DCC SPAM] Hacking With The Google Search Engine


On Sun, 15 Jan 2006, Lance James wrote:

> >Full: http://castlecops.com/article-6466-nested-0-0.html
> >  
> >
> 
> This was all done in 2003, also, see Google Hacking for Penetration
> Testers by Johnny Long.
> http://johnny.ihackstuff.com has a huge google hacking database.

>From Darren Miller:

Lance,

Thank you for your feedback Lance, I always enjoy hearing from others.

The reason I wrote this article is a new client of mine, as of 3 days
ago, was hacked because of just such an issue. I know that this type of
information is widely available and has been for quite some time. The
fact is many people, unlike us, don't know about it. There are always
new readers and consumers of information and that is why I write
articles like this from time to time. 

The interesting thing is that in just a few days this article has been
read thousands of times more that what is posted on castlecops.com and
defendingthenet.com. I have rec'd e-mails thanking me for writing the
article. Obviously from people who don't already have this information.
Think about all the people you know that only see Google as just another
search engine.

Darren W. Miller

-- 
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com



-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ