Tuesday, October 10, 2006

Hackers Taking Too Much Advantage Off Google Code Search?

Security watchers from both sides of the fence have been testing Google's Code Search service to determine whether it can be misused.

Experts at Beyond Security's advisory arm, SecuriTeam, have already discovered that the tool can be used to unearth a treasure trove of vulnerabilities in open source software.

"Like most of Google's tools it can easily be abused for hacking," the SecuriTeam researchers wrote in a blog on the site.

Google Code Search has indexed several billions lines of code from archives hosted on the Web, as well as software control repositories from services like SourceForge and Google Code which host open source projects.

Tom Stocky, a product manager with Google, said at the tool's launch: "We will try to make this useful for everyone from computer science students to serious programmers and even hobbyists and code enthusiasts."

It seems that he forgot to mention hackers. The search tool is also proving to be a source of humour for the geek community.

A number of blogs frequented by coders have already posted a litany of amusing search terms which resulted in comic hits, usually amounting to criticism of coders or 'notes to self' that were presumably never meant to be seen.

Some of the less offensive search terms that return hits on the Google Code Search database include 'In Case Some Idiot', 'The Guy Who Wrote This' and 'I am drunk'.

No comments: