Results 1 to 9 of 9

Thread: Google: searching for shadow and passwd files

  1. #1

    Google: searching for shadow and passwd files

    Apparently there are many *nix boxes which aren't locked down, or configured properly that have their /etc/ directories available online. I was wondering what the folks around here think about the ethical decision of whether or not Google should disable it's advanced search features which support such "hacking" or if those who absent mindedly leave unsecure boxes online are the only people to blame.

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    it's certainly not google's fault.. everyone is responsible for their own security..

    but some of those boxes you find.. just might be honeypots.

  3. #3
    Some would equate Google's advanced queries the equivalent of posting flyers outside someone's house who leaves a key under their doormat, or whose window is open a crack.

  4. #4
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    I don't know of too many *nix users that would fall into that category nowdays. Especially with the trends to security. I would steer clear of those boxes and any attempts to fetch files from /etc/ whether they be shadow or the older trapdoor encrypt. As was mentioned earilier they could be bait.

  5. #5
    ya,

    honeypots have been outlawed in the US, but there are still many countires in the world that use them to catch wouldbe-hackers.

    my two cents: steer clear

  6. #6
    Senior Member
    Join Date
    Mar 2002
    Location
    Snohomish WA
    Posts
    315
    the ethical decision of whether or not Google should disable it's advanced search features
    I think the ethical part of that decision lies not with google, but with the google user who has performed the search.

    Why should functionality be limited?
    Should Google disable the phonebook searches because they're an invasion of privacy???
    Of course not.

    <rant>
    People scream that rights are being taken away, demand their freedoms.
    The next day they're crying 'invasion of privacy' because their phone number is listed online.
    Come on people we can't have it both ways.</end rant>
    -sorry, had to vent.
    Faqt


    If you want to make God laugh....make plans.

  7. #7
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Google provides advanced indexed searches and by that ability, a lot of information is available with a few clicks of a keyboard. For boxes that show up with "unprotected" /etc directories and the like, I wouldn't touch them at all.

    As far as security's concerned, to each their own. A box is only as secure as the systems administrator ability and even then, with tons of security being in place (Security = 1 / Convenience), you're only as good as how much you read your logs.

    I just wish people would tear down those infected IIS servers that Code Red STILL infects because I'm tired of sending emails to abuse@tampabay.rr.com with unique IPs on infected clients that insist on pounding on my web server. Thank God I use apache ...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  8. #8
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Isn't that amazing? Honeypots are banned in the US. how convienent for the bad guys.
    I suppose Tarpits would suffice or are they banned too?

    I just don't get it anymore. (warning! rant rapidly approaching)
    If someone breaks into your house and your dog bites them, they can have your dog put to sleep.
    If you shoot them, you can be charged with manslaughter.
    If you're innocently waiting at a traffic light, and some drunk rear ends your car and you wind up rear ending the car in front of you, you can get sued.
    So why would the internet be any different?
    Goggle offers a nice tool for users and some hacker/cracker abuses it to crack into people's computers, and the one of the better lines of defense (a honeypot) that could help catch them is banned.
    who the hell is really protected here? It almost seems to me that criminals have more rights than law abiding citizens. I swear I could puke with all the bullsh*t that people get away with these days. (rant over).

    My apologies to all who find this offensive in any capacity. I'm just tired of seeing everything abused these days, including Google.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  9. #9
    Banned
    Join Date
    Jul 2002
    Posts
    877
    They haven't completly been outlawed.

    As we all know honeypots come in all different shapes, colors, sizes, & they each have their own purposes. Therefore some stupid losers decided to make standards for them due to privacy issues and because of some of the attack-back scripts that where made.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •