82 Comments
- noodlez, on 10/12/2007, -4/+63
taking precautions to prevent sensitive code from being indexed seems like common sense, to me.
if you don't want google to catch you with your pants down, don't take your pants off in public.
- rompom7, on 10/12/2007, -0/+43
ohhhL3ThaL: "grow the ***** up. leet speak is for morons."
look at your name moron.
- elnerdo, on 10/12/2007, -11/+42
Not dugg because it had 'pwn' in the title.
Seriously, what the hell? Either use a real word or get out.
- JimMessenger, on 10/12/2007, -4/+22
Shoe says: "I have since been working with the sitemaps team and I had some suggestions to leave some files off by default (like .inc .func) or only allow common web files with extensions like .php .html .asp etc… I hope they do this cause as sitemaps gets more popular its only going to expose more idiot webmasters like me that run with the default settings."
Good recommendation Shoe. Let's hope Google complies.
- xister, on 10/12/2007, -2/+17
pwned...
- HonoredMule, on 10/12/2007, -0/+11
Making a security hole popular/prominent gets it addressed/fixed. Sweeping it under a rug keeps it in the dark...where the malicious users will have a field day with it. :)
- nipuL, on 10/12/2007, -10/+21
Stupid recommendation IMHO.
Why should Google care if some moron can't maintain a secure webserver. I've not played with sitemaps, but surely you can tell it what not to index.
Please Google, don't pander to the idiots.
- inactive, on 09/24/2008, -1/+11
Another cool site with some similar queries:
http://johnny.ihackstuff.com/index.php?module=prodreviews
- enzorX, on 10/12/2007, -3/+11
I will be excited when the pwn phase has passed.
- freff, on 10/12/2007, -1/+8
"taking precautions to prevent sensitive code from being indexed seems like common sense, to me."
A lot of it happened well before anyone conceived of such a tool as google code search. Great tool, but websites are going to have to be more about their site security now, in some ways they may not have thought about before.
- inactive, on 10/12/2007, -2/+9
STOP STOP STOP STOP STOP STOP STOP STOP STOP!
Do you ever want you (or this site) to be taken seriously as an intelligent adult? If so...STOP using the 12 year old "PWN" *****. I hate to tell you, but it was NEVER clever, funny or cool. And now it is just sad.
Go to MySpace if you want to talk like that.
- msgyrd, on 10/12/2007, -1/+7
On one hand, I want to be a cynic and say it's not Google's fault that people are dumb or ignorant, and that you should take steps to secure your page, and definitely not let executable, exploitable code be indexed by a major search engine.
On the other, I understand the small time webmaster. It's impossible to know about all the security exploits out in the wild. The internet also thrives because it's accessible to everyone and their brother. I mean, security by obscurity is more effective than it sounds. These "weak" sites were once hidden from public eye because nobody ever bothered to check them out, or even knew the site existed. It is kind of like leaving your house unlocked, but you lived out in the country, 4 miles from a paved road. All of a sudden Google lays down a paved road 10 inches from your doorstep and you get robbed from some highway drifter. That's basically what happened here when Google linked their site indexes to code search. They handed out lockpicking sets and bolt cutters to everyone inclined to use them.
- inactive, on 10/12/2007, -2/+7
Lame. Anything with "pwn" in the title is written by a moronic kid.
- Toast1185, on 10/12/2007, -0/+5
http://digg.com/tech_news/Googlebot_destroys_incompetent_company_s_website
Had to digg it out of the past. Here is the case for your viewing enjoyment. If it's this easy for the googlebot to ruin your site, just imagine what an actual person can do.
- bias, on 10/12/2007, -5/+10
it's amazing how many retarded fanboys like you guys are on digg, your logic is on par with all those fundamentalist Christians. If Apple/Linux/Google cause you any problems, it's all your faults. If Microsoft causes your problem, it's Microsoft's fault.
"Microsoft is just an operating system, it ain't your mother.
I would assume most people who got virus problems are due to not updating their anti-virus softwares, carelessly clicking on spyware ads. Really, it's not that hard.
If YOU cannot secure YOUR computer, then you don't deserve to use one."
- mPingu, on 10/12/2007, -0/+4
The method might be old, but it's still a very interesting post.
- thecookie, on 10/12/2007, -2/+6
Please use a proper heading.
- dkoon, on 10/12/2007, -1/+5
"Actually, it's not the same deal, but I'm not going to bother feeding the troll."
What a coincidence! This is exactly what I'd say when I don't know what I'm talking about.
- wildmXranat, on 10/12/2007, -0/+3
@bias
I agree with google/linux VS M$oft where the culprit is prejudged on pure political basis, but it doesn't clean up many security blemishes Gates and the gang have had in the past.
On the server issue, I really think that most people with hard criticism like 'You don't deserve to have a site, if you can't take care of it', ***** as if they wrote the damn Internet in assembly language. Stop post fronting and maybe post some useful info if you're that M*flippin genius. It's a fact, that with so many services being available and spider searches indexing the whatever's converted into bits and bytes, it is just harder to keep on top of everything while still having a life outside of computers. My 2 cents
- freff, on 10/12/2007, -0/+3
I've read about similar stuff on other sites. Trust me, this and other search related exploits are already out there.
- Fedge, on 10/12/2007, -1/+4
@ ohhhL3ThaL
You know, I have an engineer working for me whose name is, and I say this with complete honesty and seriousness...
Amir *****
I kid you not, and I've got fax covers to prove it.
- msgyrd, on 10/12/2007, -0/+3
"what's the point in having set language rules?"
Language rules were not set and then the English language was created. The rules emerged because of common trends of those that spoke it. They were refined over the centuries as the language progressed, but the rules for any language are commonly broken in daily speech by its native speakers.
- Raidenwolf, on 10/12/2007, -0/+3
Old news but always worth mentioning. I am 40 but still a moronic kid at heart. I will say I am so sick of this, "oh you showed the script kiddies a new weapon." As said by many in this post this is old news maybe some six year old learned something today, but learning is not the problem. The problem is one or a combination of these 1. laziness 2. Lack of expertise with operating systems by not patching and fortifying 3. Lack of expertise with web servers and best practices for making a more secure site. 4. The most common I see is Cheap companies that have a network admin tack on one more responsibility that they may not have the time for. 5. At home I have set up so many routers and internet cameras and basically no one ever wants to setup a unique password, I practically beg and always get "Oh no one wants to look at my stuff" FAMOUS LAST WORDS....
- aonic, on 10/12/2007, -4/+6
Came to bitch about "Pwn," stayed to digg down Kingmichael
- kevinreedy, on 10/12/2007, -0/+2
More Specifically, the Google Hack Honeypot - http://ghh.sf.net - is a tool to monitor this kind of malicious activity.
- TheNik, on 10/12/2007, -0/+2
Wouldn't this require having a backup of your site in an archive somewhere on your server?
Doesn't that seem a little obvious to prevent? :"(
- coldphoenix, on 10/12/2007, -6/+8
@kingmichael
Actually there is, it's called the oxford english dictionary, the most complete and revered dictionary for the english language...and if you can't respect that, what's the point in having set language rules? Oh that's right, so we all don't go around saying "fjksahfkjs" to each other, that's why. We have real words for efficiency reasons, so we can clearly convey the message.
- noodlez, on 10/12/2007, -0/+1
@freff
google's code search just made it easier. it made it easier to find people with their pants down. it doesn't mean that you didn't pull them down. if someone wanted to attack the site, it'd still get attacked. the search just makes it easier to find and attack weaknesses.
- xister, on 10/12/2007, -0/+1
Dugg down 'cuz you didn't Google first. Here's a primer though...
http://en.wikipedia.org/wiki/Leet#Pwn
- sherlock42, on 10/12/2007, -0/+1
@ coldphoenix:
If you haven't read it, I highly recommend "The Professor and the Madman," a fascinating non-fiction account of the creation of the Oxford English Dictionary. One thing you'll notice is that the dictionary's goal was -- and, if I'm not mistaken, still is -- to _record_ the way the English language is used, rather than to _dictate_ it.
For the record, I don't like "pwn" either. But citing the Oxford dictionary to invalidate the development of our living language still runs counter to its creators' intentions.
- kayla, on 10/12/2007, -0/+1
I just noticed this ad, this is kind of like education. :)
http://pagead2.googlesyndication.com/pagead/imgad?id=CMmShrO89cykQxDYBRhaMghFCTHdZNRyFQ&ai
- jull1234, on 10/12/2007, -1/+2
Anyone else put off by the obvious lack of proofreading?
- msgyrd, on 10/12/2007, -0/+1
http://thedailywtf.com/forums/thread/108487.aspx
Direct link, it's one of TDWTF's "Best of 2006"
- kayla, on 10/12/2007, -0/+1
It's your own fault if someone accesses your site and deletes everything and uploads a photo of a fish. That isn't my concern here.
Over 90% of phishing scams are carried out due to very preventable exploits on innocent websites. It's quite silly really that we are letting these people outsmart us. A phishing scam can involve many different websites all in different data centers. Think of it as phishing redundancy. A few sites are hosting a page where the victim submits personal info (domain.com/oldgallery/images/upload/hai2u.php) while others store the information for download: a carefully planned effort to ensure every keystroke gets into the criminal's hands.
Google may not be a babysitter but if searching for certain strings is made easier through Google, I think they should help promote security and responsibility for content somehow. Imagine if they put a small link on the Google homepage, if only for a few days out of the month, which pointed to information about site security. That's an impressive reach.
The handful of commenters here represent the very small percentage of people who actually grasp these concepts. There's much work to be done by everyone, from data centers to individual web hosts, and even Google.
- bias, on 10/12/2007, -0/+1
You are not digging it just because it's not Microsoft who did this.
- EXreaction, on 10/12/2007, -8/+9
That's nice. Next time please don't bother to post, we don't care.
- neonpulse, on 10/12/2007, -0/+1
http://en.wikipedia.org/wiki/Google_Hacking
http://www.honeynet.org/
The Honeynet project helps provide information on how to avoid being the victim of Google Hacking.
- imitrust, on 10/12/2007, -1/+2
The famed physicist bloke Richard Feynman in one of his books ('Surely You Must Be Joking' - I think) described how he became an expert safe-cracker in the government building he worked in. He cracked over half the safes in the building. The secret was that he used the default key as issued by the safe manufacturer.
Let's face it. People are lazy and stupid. At least Shoemoney owned up to his mistake. Some fatty* somewhere would have started a lawsuit because of their lazy selves.
*By 'fatty' I don't mean slightly overweight person, I mean obese computer user who requires someone else to put their shoes on, or doesn't wear shoes for that reason.
- inactive, on 10/12/2007, -2/+3
@EXreaction
who is "we"? i care. i dugg it down too. apparently you idiots can't keep the simple english rule of vowel in a word... "Pown" or "Own".
- freff, on 10/12/2007, -0/+1
Well, if you run a website, you might want to tighten up your security a bit.
- MalDON, on 10/12/2007, -1/+1
Go to the site in the post. They warn you that you are not authorized. rolf. Like that's going to stop anyone.
- tehmoth, on 10/12/2007, -2/+2
dupe:
http://digg.com/hardware/Hammers_can_be_used_to_bludgeon_people_to_death
- orfeo77, on 10/11/2007, -0/+0
You can try this simple file and unprotected directory search engine, it is based on google co-op using "index of" filter:
http://searchable.awardspace.com/
http://digg.com/software/Searchable_internet_file_search_made_easy_with_this_google_co_op
Check if your site has "index of" vulnerability, put your domain and search ;-)
- inactive, on 10/12/2007, -2/+2
"pwn" is not a word. people don't generally use it in society. only a few idiots do.
if you want to spell things right, try "pown", "pOwn", or better yet, "own", if you care to be correct.
- Shiggen, on 10/12/2007, -1/+1
OH NOES THE GOOGLES GUNNA STAEL MAI MEGAHURTZ!!111
- inactive, on 10/12/2007, -1/+1
Google ninjas? Not even a glorified script kiddie.
- hometoast, on 10/12/2007, -2/+2
MUST you use "PWN" in the ***** title? I understand the connotation, but it's a bit ridiculous.
- stevecole, on 10/12/2007, -0/+0
Nearly as off-putting as the author's unearned ego trips.
- webcomresources, on 10/12/2007, -0/+0
Great post and good warnings!!!
- bigdave914, on 10/12/2007, -4/+3
!oldnews shoemoney