A warning to webmasters:
“Robert McMillan, computerworld.com
October 06, 2006 (IDG News Service) — Google Inc. has inadvertently given online attackers a new tool.
The company’s new source-code search engine, unveiled Thursday as a tool to help simplify life for developers, can also be misused to search for software bugs, password information, and even proprietary code that shouldn’t have been posted to the Internet in the first place, security experts said Friday.
Unlike Google’s main Web search engine, Google Code Search peeks into the actual lines of code whenever it finds source-code files on the Internet. This will make it easier for developers to search source code directly and dig up open-source tools they may not have known about, but it has a drawback.
‘The downside is that you could also use that kind of search to look for things that are vulnerable and then guess who might have used that code snippet and then just fire away at it,’ said Mike Armistead, vice president of products with source-code analysis provider Fortify Software Inc.”
