Search Engines utilized to find site holes: The Register

Navigation

User login

GWT in Practice at Manning
GWT in Practice at Amazon
GWT Resources

Unlocking Android at Manning
Unlocking Android at Amazon
Android Resources

Quote

Antoine de Saint-ExupÃ©ry

If you want to build a ship, don't drum up the men to gather wood, divide the work and give orders. Instead, teach them to yearn for the vast and endless sea.

Search Engines utilized to find site holes: The Register

Sat, 06/03/2000 - 09:44 — charlie.collins

A new and rather ingenious method of hacking websites has recently been highly publicized. Using search engines to find passwords and admin pages. This is brilliant for its pure simplicity. Over and over and over people are warned NOT to store passwords in web pages (inside javascript is an all to prevalent method) and over and over and over they DO it anyway!

Access to many site administrative and critical functions are all too often hidden behind a "secret" password that is in clear text on some non-linked page. This is NOT security, this is silly. You would be amazed at the number of sites that employ this (and most webmasters and developers know better, yet they do it anyway, its the easy way.) This and or leaving the passwords to certain components at the default are common yet unneccessary exploits.

Check out the linked Register story, you can learn firsthand how to use some advanced portions of search engines to find things like "password==" or "admin", etc. Be aware of the issue and be smart enough not to give away your passwords. Searching for site holes: The Register