The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Hackers find use for Google Code Search

Posted by Xavier Ashe on October 9, 2006

The company's new source-code search engine,
unveiled Thursday as a tool to help simplify life for developers, can
also be misused to search for software bugs, password information, and
even proprietary code that shouldn't have been posted to the Internet
in the first place, security experts said Friday.

Unlike Google's main Web search engineGoogle Code Search
peeks into the actual lines of code whenever it finds source-code files
on the Internet. This will make it easier for developers to search
source code directly and dig up open-source tools they may not have
known about, but it has a drawback.

“The
downside is that you could also use that kind of search to look for
things that are vulnerable and then guess who might have used that code
snippet and then just fire away at it,” said Mike Armistead, vice
president of products with source-code analysis provider Fortify
Software Inc.

Give 'em an inch… Read the full article from Infoworld.


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: