Martin @ Blog

software development and life.


Google Codesearch: a potential hacker's paradise

Google recently introduced Google Codesearch, a search engine for programming code. While Google was already a valuable source of information for hackers (it could be used to find passwords, usernames and so on), Codesearch opens up even more possibilities. Obviously, it is quite easy to find patterns of potentially vulnerable code, such as buffer overflows and backdoor passwords, and even proprietary code that was unintentionally published on publicly accessible websites.

One can think this is ‘bad’ or something, but I think it is very good that flaws in programs are easy to find and exposed to the entire world. This is the only way to prevent companies and individuals from relying on ‘security by obscurity’. And it is good for ‘closed source’ companies to realise that even while their program sources are not widely available, it is very hard to prevent people from getting them anyway. As some people say: ‘there are no secrets, only information you do not have yet’.

A nice list of things that can be found using Google Codesearch is available on a weblog called kottke.org.
