You may have heard of the Google Hacks Book (which is on my “To Buy Whenever I Get The Cash” list), but one of the real strengths (and scary things) about Google is its ability to dig up information on passwords, usernames, and vulnerabilities that idiots have left open and online.
Link via Kottke.
Comments
Naw, mostly he focuses on SQL error messages that get displayed to the page-viewer that disclose juicey tidbits of information like paths. You know, like suddenly the hacker discovers that your html files are in “/usr/local/www/html”, or maybe in “/ima/paranoid/freak/you/cant/find/me/html” and then the hacker goes “ah ha! Now, all I need is a root exploit, and then this information will allow me to use the CD command against this fool! mwuhahaha (etc)”
Yes, but there is certainly information there you don’t necessarily want exposed. Yes, it would take some work to use that information and do some naughty deeds with it, but it is certainly possible.