I came across this query today that ostensibly returns database usernames and passwords. Check it out
Notice how every single entry says “…Password Obscured…”
Interesting eh? Google has finally caught onto the fact that people have been leveraging their index to find exploitable systems.
As most of you know, the practice of using Google to find exploitable systems has been going on for a long long LONG time, but this is the first time I have seen Google react to the problem.
I wonder, does this means we are soon going to see google restricting certain wildcard searches? I can’t imagine they’d be foolish enough to restrict/disallow certain queries, as Im sure the fallout from angry bloggers and searchers would be something to reckon with. You know what it would be like: Freedom of information, slipperly slope, etc etc
However, I like the steps they have taken in the above example by simply “obscuring” sensitive information like a password; this might be a viable solution for Google to combat the ever-increasing amounts of server pwnage that they seem to be facilitating.
Add your comment below.
Subscribe to these comments.