February 14th, 2004, 11:47 PM
Google: searching for shadow and passwd files
Apparently there are many *nix boxes which aren't locked down, or configured properly that have their /etc/ directories available online. I was wondering what the folks around here think about the ethical decision of whether or not Google should disable it's advanced search features which support such "hacking" or if those who absent mindedly leave unsecure boxes online are the only people to blame.
February 14th, 2004, 11:51 PM
it's certainly not google's fault.. everyone is responsible for their own security..
but some of those boxes you find.. just might be honeypots.
February 14th, 2004, 11:54 PM
Some would equate Google's advanced queries the equivalent of posting flyers outside someone's house who leaves a key under their doormat, or whose window is open a crack.
February 15th, 2004, 12:06 AM
I don't know of too many *nix users that would fall into that category nowdays. Especially with the trends to security. I would steer clear of those boxes and any attempts to fetch files from /etc/ whether they be shadow or the older trapdoor encrypt. As was mentioned earilier they could be bait.
February 15th, 2004, 12:38 AM
honeypots have been outlawed in the US, but there are still many countires in the world that use them to catch wouldbe-hackers.
my two cents: steer clear
February 15th, 2004, 12:46 AM
I think the ethical part of that decision lies not with google, but with the google user who has performed the search.
the ethical decision of whether or not Google should disable it's advanced search features
Why should functionality be limited?
Should Google disable the phonebook searches because they're an invasion of privacy???
Of course not.
People scream that rights are being taken away, demand their freedoms.
The next day they're crying 'invasion of privacy' because their phone number is listed online.
Come on people we can't have it both ways.</end rant>
-sorry, had to vent.
If you want to make God laugh....make plans.
February 18th, 2004, 09:18 PM
Google provides advanced indexed searches and by that ability, a lot of information is available with a few clicks of a keyboard. For boxes that show up with "unprotected" /etc directories and the like, I wouldn't touch them at all.
As far as security's concerned, to each their own. A box is only as secure as the systems administrator ability and even then, with tons of security being in place (Security = 1 / Convenience), you're only as good as how much you read your logs.
I just wish people would tear down those infected IIS servers that Code Red STILL infects because I'm tired of sending emails to email@example.com with unique IPs on infected clients that insist on pounding on my web server. Thank God I use apache ...
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
February 19th, 2004, 01:00 AM
Isn't that amazing? Honeypots are banned in the US. how convienent for the bad guys.
I suppose Tarpits would suffice or are they banned too?
I just don't get it anymore. (warning! rant rapidly approaching)
If someone breaks into your house and your dog bites them, they can have your dog put to sleep.
If you shoot them, you can be charged with manslaughter.
If you're innocently waiting at a traffic light, and some drunk rear ends your car and you wind up rear ending the car in front of you, you can get sued.
So why would the internet be any different?
Goggle offers a nice tool for users and some hacker/cracker abuses it to crack into people's computers, and the one of the better lines of defense (a honeypot) that could help catch them is banned.
who the hell is really protected here? It almost seems to me that criminals have more rights than law abiding citizens. I swear I could puke with all the bullsh*t that people get away with these days. (rant over).
My apologies to all who find this offensive in any capacity. I'm just tired of seeing everything abused these days, including Google.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
February 19th, 2004, 09:12 AM
They haven't completly been outlawed.
As we all know honeypots come in all different shapes, colors, sizes, & they each have their own purposes. Therefore some stupid losers decided to make standards for them due to privacy issues and because of some of the attack-back scripts that where made.