lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed Jul  5 10:04:49 2006
From: seclists at syneticon.de (Denis Jedig)
Subject: Google and Yahoo search engine zero-day code

n3td3v wrote:

> Today's disclosure involves Google and Yahoo search engines:
> 
> All you need to do is put in the code to a web page, when Google and
> Yahoo visit it, then the code exploits the software they use and makes
> them start caching 'other' pages. Including 'no index' pages, where
> sites have setup a robot text file on their server to protect
> corporate and consumer interests.

I think you missed the concept here. Whatever is on the webservers and 
is available to the public is... well... available to the public.

It does not help security matters to introduce a robots.txt - the 
purpose of this directives file is not to secure something but to reduce 
traffic and keep irrelevant content out of search engines.

If you need security, you introduce some kind of authentication *before* 
access is allowed to sensitive data. You will find that a sign reading 
"Do not enter and do not steal any gold" will not help much at the Fort 
Knox entrance if it is the only security measure.

Denis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ