of course not, serching forums would never yield Google hacks how could we have missed such an interesting topic?

Wow

Wow dont know how i missed that even the second thing on the page

well besides a thread this is all pretty old anyway, theres already been a book published published about google hacks. and if you want to know anything i'm sure CP99 will help, his title is "Google Hacker".

<start>

Its true google indexes information it shouldnt, including passwords, security cameras, and hundreds upon hundreds of sensitive files.

Crayon, the dorks you spoke of are very common, and for the most part worn out.
Recently google has been implementing an operation with the codename "Bourbon"
which has severly altered the way googles search functions work, for an example google now has blacklisted both certain searches and ips and ip ranges that if you were to proxy to or were located in you would receive a new 403 error with a type box to verify that you are not an automated query.

example http://img223.echo.cx/my.php?image=w...pechars2vm.png

For all the information and other strange results, as well as the full GHDB please visit johnny.ihackstuff.com and all you fucking defacer type newb shit heads go away, Im sick you infesting johnnys forums.

</start>==<finish>


dork = google search query that brings up results that either shouldnt be or contains sensitive information or access.

GHDB = Google Hacking DataBase




EDIT***
Check out the recent post at http://googlehackers.blogspot.com/ for a bit more information on project "Bourbon"

try a google search for +"Powered by phpBB 2.0.6..10" -phpbb.com -phpbb.pl

Hope this helps.

What is saying that Google shouldnt index that? All Google does is crawl pages for information, just like any other search function. Google just happens to be damn good at it.

It isnt Googles fault that Johnny Long can find credit card numbers, exp. dates, and security numbers. The fault rides on the user who is dumb enough to post this information plain text.

As for defacers, the world needs them. If we didnt have people "infesting" pages, many people would likely not find/correct the security flaw that was exploited. besides, many defacers aren't extremely malicious, so the damage is minor compared to what could have been done if some blackhat with a bug up his ass found the security hole first.

What if the information wasn't posted by the user, though? If a company has accidentally created a privacy leak and Google can prevent attackers from using that leak, shouldn't Google do so?

The problem is that the attacked entity doesn't know if the attack is minor or major. It is in their best interests to examine the intrusion as if the attacker was extremely malicious in all cases.

Its not googles fault that we find sensitive information throught their services, but it is their fault that its taken them so long to finaly start putting in security measures, and as defacers go, WTF are you talking about, The world and the internet would be a better place if fucktards like them just all died in massive fucktard plague.
But as for people posting important information in ANY kind of format, plaintext or otherwise, is just not smart. If you dont want it screamed from a mountain top dont put it on a any kind of digital format thats conected to the internet.

If a user posts secure information in an insecure faishion, their most likly just ignorent, Or if the information has been automaticly left in an insecure enviroment by faulty hard/software, that needs to be fixed as well. And voltage im seeing eye to eye with you, Google needs to put in preventative measures, however for people like me and the others a IHS these preventative measures have been at least an anoyance.

Indexing is not really a problem. What is the problem? Limiting what a company may and may not provide to the public.

Could preventing a company from delivering specific information be censorship? Yes.

What about criminal neglegence? aiding and abetting? public nuisance? etc.
"Common Carrier" Status may work as a defense for places that do not inspect content (like a phone company), but the very nature of iterative refinement in google's search engine requires looking at content when results are reviewed.

Lawsuits generally target "deep pockets" because there is usually, only futility in filing a lawsuit against someone who is poor.

Computer security experts, professionals, or employees need site defacers like intelligence agencies, law enforcement and the military need terrorists.

Damage being minor can be a matter of perspective or relative consideration. How much would it cost for "e-trading" companies to have their customer's trading access denied for 1 hour? What about long-term costs if customer thoughts of stability of the company are considered? How much does it cost to replace a lost customer? What if an ex-employee is the one who published insider information? They certainly don't have deep pockets, but google (who indexed it and provides results) certainly does. Who would you choose to sue if you wanted compensation for your financial losses?

What would you do if you were running google (your job is to generate profit, not loss) and you were confronted with the financial security risks associated with not limiting access to content?
(Remember, most cases are settled out of court or resolved long before they make it to court because even going to court can cost millions.)

Truth be told, I like the fact that google can index all this information, It (A) Provides help for the componies whos servers are vulnerable and (B) Provides hours of fun for people like me. I mean come on, controling a security camera is bitching. It will be too bad if google tries to censor for a few reasons including the carrier defence for google, what carrier censors the informatio he carries?

I like having access to such information, but offered reasons for why google has limited access to searches for credit card numbers. They also limit searches for e-mail addresses (spammers suck.)

I think censorship is usually external. Choosing to not speak on something is different from being disallowed. Coersion is an issue though, and might be stretched to be considered an external control mechanism and even further stretched to call threats of lawsuit an effective censorship.

You can always add this question to the thread requesting top 10 legal questions WRT hacking, but I think a major requirement for common carrier status and defense is to NOT examine what you allow to pass over your network. Once you start examining content and limiting what is passed, I do not think you can fit the requirements of a common carrier.

[If the phone company listened to conversations, could they be partly responsible for people planning to kill other over the phone system?]

Well that brings into light, what constitutes examining? The controversy over gmail was that computers looked at your email and then blah blah blah (you know the rest)
Acording to this same principle of computers examining information, googles indexing is an invasion of privacy. Rediculous. But you can understand how some radicals would think this.

What constitutes examination? Heh-heh. I do not know, but the law makers will define it, or the courts will give us case law, and it will change a lot over time.

Here are some related links specific to copyright and common carrier. To see how powerful Common Carrier status can be, it can still "beat out" the DCMA. (Pretty strong!)
In addition, Common Carrier is more than just defense from liability in Copyright-- it can also include criminal laws, and lawsuits for other reasons.

[1]: "The telephone companies have been considred common carriers and, as a matter of statutory policy, have been excluded from liability for basic network operations so that such services can be provided at a low cost. Network operators and others involved in content distribution (other than content authors) have argued that they are distributors or conduits and should have no liability without knowledge."

[2] Even limited protection from DCMA for common carriers.
"An ISP will not be liable for copyright infringement resulting from having hyperlinks to web sites on the Internet containing infringing material so long as: (1) it does not have actual knowledge that the material is infringing or facts or circumstances pursuant to which infringing activity is apparent, and acts expeditiously to remove such material once it is aware of such infringement;"

If you start to examine content, and/or are notified you are doing something that is a violation of copyright, then (1) may apply.

Simple example for criminal laws using a "courier" as the carrier:
If I plan to murder someone, and hand off a message in a sealed envelope to a courier who delivers it unopened to the recipient, then there is little liability for the courier.

If I plan to murder someone, and tell you about it and then you tell the other person who will, "do the hit," now you are a criminal.

That works fine in people in the real world, But how do you think the politicals and lawmakers are to respond when the courirer is a machine sitting in a airconditioned room, It sees the information, reads it logs it stores it, it "knows" the information but cannot grasp the concept of information being illigle and therefore reporting said information as say a person might do in a givin situation. After all its just a machine.

And then from that were might have laws passed saying that all search engines must report suspisous activities and search queries (what many think burbon is the first step toward). Its a nightmarish situation full of inturpritaions of the law and inturpritations of the inturpritation.

I see 2 distinct sides to this problem

1- It would be great for there to be more security with "secure" information. But
that should fall on the part of the componies at stake.

2- If I start doing things that google says are suspicous activities, I realy dont feel
like being arrested for something as stupid as "search engine crimes"