Slashdot Mirror


Googling Your Way Into Hacking

knifee writes "New Scientist is running an article explaining how hackers can use Google's cache to quickly hunt down sensitive pages, for example, by searching the terms "bash history", "temporary" and "password". Might be worth looking at this tutorial about robots.txt if you think you might be at risk." That's pretty amusing.

6 of 431 comments

  1. This happens because of dumb admins, not google by mjmalone · · Score: 5, Insightful

    For example, one common filename for passwords is "bash history".

    This guy is a security consultant? Come on, what admin in their right mind would enter a password in cleartext on the command line and allow it to be stored in ~/.bash_history? The first thing I do when I log onto a box is link bash_history to /dev/null, just out of habit. The security problem isn't google's fault, it is stupid admins who don't know what they are doing.

    1. Re:This happens because of dumb admins, not google by gooru · · Score: 5, Insightful

      It's not even just ~/.bash_history but ~/ itself! Who in the world would make that world-readable and published on the web?!?!? This isn't even the default for any configuration I've seen. (Does anyone else know differently?) It's one thing to spider ~/public_html or /var/www or whatever you have set up for your webserver...quite another to have ~/ published on the web. I can't believe this is a security problem for people, though I suppose it is a proven possibility.

  2. Scuse me? by arth1 · · Score: 5, Insightful

    Shouldn't that be bash_history, passwd and tmp?
    Was this written down by a non-techie from an audio interview?

    Regards,
    --
    *Art

  3. Wrong use of robots.txt by vadim_t · · Score: 5, Insightful

    It's supposed to be used to tell bots not to access some parts of your site due to other reasons.

    Common reasons would be that you host a site with a forum on a DSL line and don't want google to index all 5000 threads on it. It's also good for dynamic pages, for example it makes no sense to index a generated page that will be out of date tomorrow. It'll be much better to let it index the archive instead.

    Using this for security is just stupid though, as it'd contain a list of vulnerable places. Maybe it will make it harder for people to find your vulnerabilities from google, but it will help a lot whoever wants to attack you specifically.

    Security problems have to be fixed by setting proper permissions and keeping your server up to date, and not by relying on every spider that comes to your site being polite enough to follow robots.txt.

  4. Re:problem with robots.txt tutorial by PetoskeyGuy · · Score: 4, Insightful

    I hope you at least have an .htaccess on the files to put a password on that directory. Hard-to-guess names are good, but making them password protected is better.

    Of course on some of the cheaper web hosting companies out there you can just search the /home/*/web folders. They have to be public so the web server can read them. Stupid I know, but all too common. Config.php for most apps will have all the users' passwords in plaintext.

    The HTTPD user should be a member of each user's group so you don't have to set world rights to your files. Assuming it's just hosting and no other rights are required.
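
An added example (not written by any poster in this thread) combining the points in comments 3 and 4: a local audit that reads a site's own robots.txt and reports every `Disallow` entry whose target in the document root is still readable by "other" on disk, meaning robots.txt is advertising it while the file permissions do nothing to restrict it. The function names, the sample robots.txt and the throwaway directory layout are assumptions made for illustration; the check looks only at filesystem mode bits, not at HTTP authentication such as .htaccess.

```python
import os
import stat
import tempfile

# Constructed sample robots.txt (not taken from any real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /forum/      # bandwidth, a legitimate use
Disallow: /private/    # "hidden" area
Disallow: /admin/
Disallow:
"""

def disallowed_paths(robots_text):
    """Return the literal path prefixes named in Disallow lines."""
    paths = []
    for line in robots_text.splitlines():
        key, _, value = line.split("#", 1)[0].partition(":")
        value = value.strip()
        if key.strip().lower() == "disallow" and value and "*" not in value:
            paths.append(value)
    return paths

def audit(docroot, robots_text):
    """List Disallow entries whose on-disk target is readable by 'other'."""
    root = os.path.realpath(docroot)
    findings = []
    for path in disallowed_paths(robots_text):
        target = os.path.realpath(os.path.join(root, path.lstrip("/")))
        if not target.startswith(root + os.sep) or not os.path.exists(target):
            continue  # outside the docroot, or nothing there
        mode = stat.S_IMODE(os.stat(target).st_mode)
        if mode & stat.S_IROTH:
            findings.append((path, oct(mode)))
    return findings

def demo():
    """Build a throwaway docroot and audit it against SAMPLE_ROBOTS."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("forum", 0o755), ("private", 0o755), ("admin", 0o750)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        return audit(root, SAMPLE_ROBOTS)

if __name__ == "__main__":
    for path, mode in demo():
        print(f"{path}: mode {mode}, advertised in robots.txt and readable by everyone")
```

Entries that are meant to be public (the forum here) show up too; the output is a review list, and anything on it that is supposed to be private needs real access control rather than a robots.txt line.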

  5. Re:It's a little harder... by Elminst · · Score: 4, Insightful

    But the third link down gives us this-
    http://216.239.57.104/search?q=cache:p5ouM32marEJ:www.necmitsubishi.com/markets-solutions/government/necfiles/Chicago911.doc+%22do+not+distribute%22+password&hl=en&ie=UTF-8

    Which at the bottom of the document has-

    Editors Note:
    Product photography is available at http://www.liska.com/necmit.
    Username: necmit
    Password: monitors


    Which seems to prove the point of the search...

    --
    No unauthorized use. Trespassers will be shot. Survivors will be shot again.