[NetBehaviour] Hackers find use for Google Code Search.

marc marc.garrett at furtherfield.org
Mon Oct 9 12:51:05 CEST 2006

Hackers find use for Google Code Search.

By Robert McMillan.

Google has inadvertently given online attackers a new tool.

The company's new source-code search engine, unveiled Thursday as a tool 
to help simplify life for developers, can also be misused to search for 
software bugs, password information and even proprietary code that 
shouldn't have been posted to the Internet, security experts said Friday.

Unlike Google's main Web search engine, Google Code Search peeks into 
the lines of code whenever it finds source-code files on the Internet. 
This will make it easier for developers to search source code directly 
and dig up open source tools they may not have known about, but it has a 

"The downside is that you could also use that kind of search to look for 
things that are vulnerable and then guess who might have used that code 
snippet and then just fire away at it," says Mike Armistead, vice 
president of products with source-code analysis provider Fortify Software.

Attackers could also search code for vulnerabilities in password
mechanisms, or search for phrases within software such as "this file
contains proprietary," possibly unearthing source code that should never 
have been posted to the Internet.

