A couple of days ago Google announced its new Code Search. Soon after that announcement people were talking about the new release, and they still are, but not in a good way. While Google Code Search gives programmers a great way to search source code, dangers were immediately apparent in the search results. At this point, those results are far too revealing.
There is a post being updated over at Kottke.org talking about exactly what kind of information is being revealed by this new and powerful code search. I’ll summarize the items currently listed there:
- Keygen algorithm for WinZip.
- WordPress and Movable Type usernames and passwords.
- Possible buffer overflow points.
- Kludge-y code.
- Confidential code and code with restricted rights.
- Code vulnerabilities.
- Listings of backdoor passwords.
- Customer databases with names, addresses, zip codes, phone numbers, and weakly encrypted passwords.
- And more…
Of course, the ones I’m concerned with the most are the major security issues.
I imagine there will be plenty of admins scrambling to lock down their directories and information properly so that it cannot be indexed by Google… but not all of them are even going to know about Google Code Search.
Considering that not all system admins are going to be aware of the new code search, should Google take the initiative and create filters to handle this on its side as well? I think so.