Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Find Use for Google Code Search

Posted by ryuzaki0 on from the thats-why-you-don't-comment-code dept.

An anonymous reader wrote in to say that "Google has inadvertently given online attackers a new tool. The company's new source-code search engine, unveiled Thursday as a tool to help simplify life for developers, can also be misused to search for software bugs, password information and even proprietary code that shouldn't have been posted to the Internet, security experts said Friday. "

2 of 176 comments (clear)

  1. They must have read Slashdot! by kafka47 · · Score: 4, Informative

    Slashdot readers beat 'em to it!

    The previous story /. precipitated comments that did exactly that.

  2. Re:Isn't the point of open source... by julesh · · Score: 4, Informative

    But it is that easy. Back in the original slashdot article concerning the search tool, somebody posted a link to a result page that included a rather large number of php scripts that were vulnerable to SQL injections. Other common flaws should also be easy to search for.

    The problem is, not all developers perform this kind of search over their code. They may not even be aware that it's helpful.