Project Un1c0rn Wants To Be the Google For Lazy Security Flaws

Daniel_Stuckey (2647775) writes "Following broad security scares like that caused by the Heartbleed bug, it can be frustratingly difficult to find out if a site you use often still has gaping flaws. But a little known community of software developers is trying to change that, by creating a searchable, public index of websites with known security issues. Think of Project Un1c0rn as a Google for site security. Launched on May 15th, the site's creators say that so far it has indexed 59,000 websites and counting. The goal, according to its founders, is to document open leaks caused by the Heartbleed bug, as well as 'access to users' databases' in Mongo DB and MySQL. According to the developers, those three types of vulnerabilities are most widespread because they rely on commonly used tools. For example, Mongo databases are used by popular sites like LinkedIn, Expedia, and SourceForge, while MySQL powers applications such as WordPress, Drupal or Joomla, and are even used by Twitter, Google and Facebook."

Leet speak?

Seriously? Way to instantly lose all credibility in educated people's eyes

Re:Leet speak?

[ProjectUn1c0rn]

You don't get sarcasms nor irony, don't you ? I don't blame you, I have trouble finding those myself ;)

Needs a different name.

Given it's a listing of security flaws, and the use of automation in malware, etc, I think it should be Project Un1cr0n.

Almost useful

Ok, you've got Google's list of everything, Un1c0rn's list of everything unsafe. What I want is the subset of Google's list that is not on Un1c0rn's list.

Someone hack together that metasearch tool and I'll (anonymously) support you.

Re:Almost useful

[ProjectUn1c0rn]

That's insightful man ! Thanks, glad I came to collect ideas !

Seriously?

[DougOtto]

The search engine on that site returned 7800 sites when I searched on a single IP address. Maybe the site is useful but the signal to noise ratio is WAY too low to bother with.

Re:Seriously?

[ADRA]

Well to be fair, some hosting companies have like a million sites hosted off a single IP, so not exactly irrelevant unless you know its a buggy scanner. Maybe the introduction of better summarization and breakdown tools are needed to enhance the tool, but hell anything takes time to work well for public consumption.

Re:Seriously?

[Iarwain+Ben-adar]

Try putting quotes around your IP address. You'll get better results.

Re:Seriously?

[just_another_sean]

Thanks, that did the trick. I too was getting a lot of results when searching for very specific host names. Quotes around either an IP or host name reduced the results to zero (which is obviously what I was hoping for!). And just to test further I put quotes around a random result that did show up in my initial searches and it just came up once, as expected.

I wouldn't depend it as the only means of double checking a site but it's a good edition to the tool belt. And it should only get better if they don't get sued out of existence.

I predict...

[Chris+Mattern]

If it's actually useful in uncovering sites with security defects, the owners will all be facing criminal indictments before the year is out.

Re:I predict...

[ThatAblaze]

Not if they don't make any money. Punkspider has been available for over a year now, and it does much the same thing.

Usefullness Factor . . .

[tiberus]

Okay, so I want to visit a site. So I have to go search Un1c0rn to see if it's on the list? What about all the ad, video and other sites this sites gets content from? Seems like a plugin that uses data from the "your site is in a poor state" database would be much more practical. It could replace at risk content with a big WHOA! graphic...

Project Un1c0rn?

[fredrated]

Was this named by a five year old?

Re:Project Un1c0rn?

[fahrbot-bot]

Was this named by a five year old?

Probably, and that "OMGP0n1es" was taken.

Re:Project Un1c0rn?

[ProjectUn1c0rn]

Thanks, p0n1es shall be the name of my minions :)

Re:Project Un1c0rn?

[lgw]

Pwn1es, clearly. Does this mean we'll need a "Pwn1es.txt" file to stop the crawler (for that matter are you ignoring robots.txt now?)

As is: worthless

[radioact69]

The search function is worthless, which pretty much makes the whole site worthless. Their data may be good, but if I can't find my site by hostname OR ip without paging through 243 pages of 10 sites at a time... Nope.

Re:As is: worthless

[just_another_sean]

Try this: add quotes to your search

Re:As is: worthless

[radioact69]

Added the quotes around my searches and went from way too many results to none. I guess that's a good thing.

Re: As is: worthless

[Teranolist]

Truly? Every second guy on /. is incapable of using a search bar correctly?

Re:As is: worthless

[just_another_sean]

Yeah, that's what I was hoping for as well. Just to double check the quoting thing though, try this; do a search without the quotes, pick one "hit" from the results and then search for that with the quotes. The expected behavior is that you will get one result. That's what happened when I tried a couple of specific, quoted searches for host names and IP addresses that came back in previous, unquoted searches.

As I mentioned elsewhere I wouldn't count on this alone but it's a good addition to the other tools used to check hosts for problems.

Re: As is: worthless

[just_another_sean]

You again? How about no one has typically had to use such techniques on a search engine since the '90s. Or are you still using AltaVista?

Re: As is: worthless

[Teranolist]

It seems you never search for statements longer than two or three words... pity you

GCHQ

[q4Fry]

So the gchq.gov.uk site that is on there: Honeypot?

Re:GCHQ

[ProjectUn1c0rn]

I would say, check the data in there. If it's closed already it's probably a leak. If it's still open it's either : 1. Testing server with no important data 2. Honey pot servers, waiting for project like us to pick on them and collect our scanners IPs. 3. Really careless people

Re:A publicity stunt that marred by busted search

[just_another_sean]

As some other poster pointed out add quotes around your search will give you the specific results you're looking for. It would be nice if they had a Search Help link or something but it does work better if you use the quotes...

Un1c0rn

[westlake]

Project or password?

Re: A publicity stunt that marred by busted search

[just_another_sean]

Uh, yeah. But I haven't had to use quotes, pluses, minuses or any other "advanced" crap like that in years. What search engine are you using that still requires such tricks to get good results?

I'll give these guys a pass because the project's young but a little, helpful link that says "pretend you're using google 15 years ago" wouldn't hurt.

Well..

[koan]

Shodan HQ?

Public Shaming

[hduff]

While surprisingly effective IRL, not so much on the Internet.

Re:Public Shaming

[ProjectUn1c0rn]

It indeed is not ... Worrying right ?

Re:Public Shaming

[lgw]

Heck, "public shaming" is a fetish on the internet, if you go to the right sites. But then, so is everything. People are weird.

Re: A publicity stunt that marred by busted search

[ProjectUn1c0rn]

The search functionnality is provied by a third-party software. That's what allows us to run quickly on such small hardware for now (fast indexing), but it's clearly not friendly with user inputs. We noted this is the main concerns about our users right now and will do some research on how to improve it ! Thanks

Re: A publicity stunt that marred by busted search

[just_another_sean]

You're welcome and thank you! This looks like quite a nice project, I wish you success. I am short now but will drop by and donate when I can.

Re: A publicity stunt that marred by busted search

[omnichad]

If the 3rd-party software is extensible in any way, making it so that a period is not considered a space/separator character would do the trick for almost all these sorts of problems.

All for poop?

[malloci]

Maybe this was the real reason behind the name: http://www.myrecipes.com/recipe/unicorn-poop-cookies-214011/