Monday, October 09, 2006

Google Code Search

Google launched a new code search feature day before yesterday. At least two sites already offer this functionality, but a great deal of attention follows Google wherever they go.

Code search is a great resource for web developers and programmers, but like the making available of all previously unsearched bodies of information, it's given lots of flashlights to people interested in exploring dark corners. Here are some things that people have uncovered already:

1. Key generation algorithm for WinZip (via airbag)
2. Wordpress usernames and passwords. Looks like a lot of these are the result of people zipping/tarring up their Wordpress files and putting the zip/tar file in a publicly accessible directory. I imagine other such applications are just as susceptible to this issue. (via airbag)
3. Like
Movable Type. This only turns up one username/password, but it's for Gawker. Which in turn reveals this open directory with all sorts of code and u/p goodies...but they restricted access to it after being notified of the problem.
4. Possible buffer overflow points. (via live aus der marschrutka)
5. Tons of nerd jokes like
"here be dragons".
6. Confidential code and code with restricted rights. (via digg)
7. Coders complaining about
stupid users.
8. All sorts of code that
needs to be fixed.
9. Programmers who want to get a new job. In the office just now, we were talking about turning Google Code Search into a job posting board by inserting "Like our code? Come work for us!" text ads in the comments of source code which is then distributed and crawled by Google.
10. Kludge-y code.
11. You can also use it for vanity searches. A surprisingly small amount of code is returned on
a search for Linus Torvalds. Jamie Zawinski. Alan Cox. There have to be more prolific programmers out there...
12. Programmers
coding while drunk. Also: "I am drunk and coding like I am the greatest coder of all time."
13. Customer databases with names, addresses, zip codes, phone numbers, and weakly encrypted passwords. Ouch. (No link to this one because I don't really want to get anyone's data out there.)
14. Expression of which programming language sucks more. For instance,
Python sucks.
15. Code vulnerabilities:
"this will crash".
16. Listing of some backdoor passwords.
Got any other Google code search goodies? Send them along.

No comments: