Slashdot Mirror


Googling Your Way Into Hacking

knifee writes "New Scientist is running an article explaining how hackers can use Google's cache to quickly hunt down sensitive pages, for example, by searching the terms "bash history", "temporary" and "password". Might be worth looking at this tutorial about robots.txt if you think you might be at risk." That's pretty amusing.

29 of 431 comments

  1. Google Cache, in case of slashdotting by Anonymous Coward · · Score: 5, Funny
    1. Re:Google Cache, in case of slashdotting by vgaphil · · Score: 4, Funny

      Or go here google

      --
      A clever person solves a problem. A wise person avoids it. -- Einstein
    2. Re:Google Cache, in case of slashdotting by Scott Hale · · Score: 5, Funny
      Google is not affiliated with the authors of this page nor responsible for its content.

      Now I'm really confused.

    3. Re:Google Cache, in case of slashdotting by SlayerofGods · · Score: 4, Funny

      That is really cool, the whole site is done in it. Someone try to read this and not have your head explode.

      --

      Technology, the cause of and solution to all of life's problems.
    4. Re:Google Cache, in case of slashdotting by joynt · · Score: 4, Funny

      The sad thing is I can read it.

    5. Re:Google Cache, in case of slashdotting by Daath · · Score: 2, Funny

      1 d0n'+ und3r5+4nd... 1+ 100k5 pr3++y n0rm41 +0 m3...

      --
      Any technology distinguishable from magic, is insufficiently advanced.
  2. RIAA Logic: by connsmythe96 · · Score: 5, Funny

    Google can be used to illegally hack into computers (possibly stealing copyrighted information). Google must be shut down and all of its users owe us lots of money.

    --
    if(!cool) exit(-1);
  3. Yea by mao che minh · · Score: 4, Funny
    Must be how that guy found out that my phpnuke code had a mySQL injection flaw in the news module. My article about a Hulk doll with big penis wasn't exactly fine journalism, but I would imagine that it was better than 40 lines of "hacked by Stacey 100% brasil LOL" that it was overwritten with.

    Damn script kiddies.

  4. Sesitive? by GoofyBoy · · Score: 3, Funny


    use Google's cache to quickly hunt down sesitive pages,

    Try hacking a dictionary.

    --
    The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
  5. Re:This happens because of dumb admins, not google by numbski · · Score: 5, Funny

    Wouldn't it be more fun to ln -s ~/.bash_history /dev/random instead?

    Would make for interesting google logs. ;)

    Don't have to worry about that particular problem. Both FreeBSD and MacOS X use tcsh by default anyway, and all of my users are Unix stupid, so they never log into shell.

    --

    Karma: Chameleon (mostly due to the fact that you come and go).

  6. Heh by 4of12 · · Score: 0, Funny

    Yeah, like I always store my bash history below my DocumentRoot directory.

    Anybody that does this is Running with Scissors.

    --
    "Provided by the management for your protection."
  7. Forgotten by orange_6 · · Score: 4, Funny

    So if I forgot my password, google can just tell me what it is? Can it tell me my credit card number too?

  8. Re:/etc/passwd by jared_hanson · · Score: 3, Funny

    You should really use something other than '*' for your password. It is far too easy to guess. Just a suggestion.

    --
    -- Fighting mediocrity one bad post at a time.
  9. Interesting Website Ideas by fastdecade · · Score: 3, Funny

    This article gives me great ideas for a website:

    * bash.history blog - Everything I ran today
    * /dev/tty blog - Everything I typed today
    * /dev/stdout blog - Everything I saw today

    COMING SOON: Welcome to My Bank Account Details, Favourite Passwords I Enjoy Using

  10. Re:This happens because of dumb admins, not google by Bigby · · Score: 5, Funny

    Even better yet, "rm ~/.bash_history && ln -s /dev/dsp ~/.bash_history". Now everything you type will literally "sound like crap".

  11. This is news? by karlandtanya · · Score: 1, Funny
    So, let me get this straight: There is cracking info on the web. And Google can be used to search the web.


    We have a situation here, folks. Something must be done!


    Well, what do you expect from "new scientist"?

    --
    "Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
  12. Re:My favorite... by cybrthng · · Score: 2, Funny

    Doncha just love the fact that the first my documents returned is an MIT student's lab PC describing security over wireless networks? haha

  13. some guide! by mblase · · Score: 4, Funny

    Long says an obvious combination of search terms would include the terms "bash history", "temporary" and "password".

    Hmph. When I searched for those phrases at Google, all I got were a bunch of Linux technical how-tos and code samples. If this guy wants to teach us how to be hackers using Google, he's going to have to be more helpful than that!

  14. Re:This happens because of dumb admins, not google by Zigg · · Score: 4, Funny

    Except that it doesn't work, unless you intended to try to execute /dev/audio.

  15. Re:This happens because of dumb admins, not google by Anonymous Coward · · Score: 5, Funny

    OHMYGOD!! TEH SECURITY RAMIFICATIONS!!1!
    http://custom.lab.unb.br/pub/dc e/.bash_history
    pwd
    ls -l
    ls -l
    ls -la
    whoami

    http://www.mhhe.com/socscience/.bash_history
    vi test1
    ls -l
    who am i
    touch test2
    ls -l
    pwd
    cd ../business/
    ls -l
    vi randomfile
    ls
    ls -l
    cd marketing
    ls -l
    pwd

  16. Want mp3s? by Anonymous Coward · · Score: 1, Funny

    search "index of mp3" ;)

  17. Re:This happens because of dumb admins, not google by Havokmon · · Score: 2, Funny
    The security problem isn't google's fault, it is stupid admins who don't know what they are doing.

    More than once, when looking for a specific dll, I've found a whole software install in a directory on somebody's network.

    --
    "I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
  18. Re:robots.txt by Jugalator · · Score: 4, Funny

    ROFL -- It's also amusing when the admins don't understand what the file is for!

    Look at IBM:

    http://www.ibm.com/robots.txt

    First comment:

    Date: 19950130
    By: epc
    Reason: finally understood what the file was for!

    At least the admin was honest, but a bit embarrassing for being on ibm.com. :-P

    --
    Beware: In C++, your friends can see your privates!
  19. Doesn't work by lawpoop · · Score: 5, Funny
    I tried "bash history", "password", and "temporary", hit "I feel lucky" and I didn't get to hack anything.

    I guess I don't have the patience to be a real hacker.

    --
    Computers are useless. They can only give you answers.
    -- Pablo Picasso
  20. SCO Logic: by KillerHamster · · Score: 4, Funny

    Google uses operating systems! All your code are belong to us! Google must be shut down and all of its users owe us lots of money.

  21. Re:This happens because of dumb admins, not google by Bigbutt · · Score: 4, Funny

    Well, we had a stupid admin who, as a test, put the /etc/passwd file into webspace.

    We had another admin who tried to su to root and typed in su [root password]. We check the logs searching for someone typing in a non-user account that looks like garbage and we notify the admin to change their password.

    --
    Shit better not happen!
  22. Re:My favorite... by barryfandango · · Score: 3, Funny

    Oooh that's cool! check this link out that it turned up:

    http://www.liada.net/~secret/

    all in Spanish, but the documents are all about toxic substances, I think... and there's one JPEG that appears to be a sketch of a missile! Now that's top secret!

    --
    In all matters of opinion, our adversaries are insane. -Oscar Wilde
  23. All present and accounted for... by medscaper · · Score: 2, Funny
    Can it tell me my credit card number too?

    Sure, John. I just checked. Your Visa number is 4803 1809 2273 4821, expiration 03/05.

    Your Discover card bill is overdue, though. Don't forget, according to this record, you've got 18.5% on overdue, PLUS your $15/mo late fee.

    Your 'condition' should have been cleared up by now, so why'd you refill that prescription on Tuesday? Oh, wait, I see here that you deposited three brand new $20's at the US Bank down near Santa Fe. Doing a little insurance fraud, there? :)

    Oh, I just googled again...your dog wants back in.

    --
    Any sufficiently well-organized Government is indistinguishable from bullshit.
  24. Re:problem with robots.txt tutorial by brooks_talley · · Score: 2, Funny

    Even more entertaining is to add a disallow: /secret.cgi entry, and then have secret.cgi log the IP address, datetime, etc, of requests.

    For bonus points, you can have secret.cgi automatically add requesting IP's to an apache rewrite config file.

    Cheers
    -b
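
The trap described in the comment above, as an added Python example (not code from the thread): it scans Apache access-log lines for requests to the robots.txt-disallowed path and renders mod_rewrite deny rules, validating the client field first because log text is attacker-influenced. The log lines, addresses and function names are constructed for illustration, and where the comment logs from inside secret.cgi, this version reads the server's access log instead.

```python
import ipaddress
import re

TRAP_PATH = "/secret.cgi"  # path from the comment, listed under Disallow in robots.txt

# Start of an Apache common/combined log line, up to the status code.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log (documentation address ranges), not taken from the page.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2003:13:55:36 -0700] "GET /robots.txt HTTP/1.0" 200 68',
    '192.0.2.10 - - [10/Oct/2003:13:55:40 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '203.0.113.7 - - [10/Oct/2003:14:02:11 -0700] "GET /secret.cgi HTTP/1.0" 200 12',
    '198.51.100.23 - - [10/Oct/2003:14:09:52 -0700] "GET /secret.cgi?x=1 HTTP/1.1" 200 12',
    'crawler.example - - [10/Oct/2003:14:11:03 -0700] "GET /secret.cgi HTTP/1.0" 200 12',
]

def trap_hits(lines, trap_path=TRAP_PATH):
    """Map each client IP that requested the trap path to its request times."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("path").split("?", 1)[0] != trap_path:
            continue  # unparsable line, or an ordinary request (robots.txt included)
        try:
            ip = str(ipaddress.ip_address(m.group("client")))
        except ValueError:
            continue  # hostname or junk: never copy unvalidated log text into config
        hits.setdefault(ip, []).append(m.group("time"))
    return hits

def rewrite_block(ips):
    """Render mod_rewrite directives that answer 403 to the listed addresses."""
    ips = sorted(ips)
    if not ips:
        return ""
    out = ["RewriteEngine On"]
    for i, ip in enumerate(ips):
        flag = " [OR]" if i < len(ips) - 1 else ""
        out.append(f"RewriteCond %{{REMOTE_ADDR}} ^{re.escape(ip)}${flag}")
    out.append("RewriteRule ^ - [F]")
    return "\n".join(out)

if __name__ == "__main__":
    print(rewrite_block(trap_hits(SAMPLE_LOG)))
```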