Interesting perspective, for sure could prove handy on a nation-wide scale. The concept of googling for private keys has been around for quite a while, and here's an informative paper emphasising on how Google can Reveal Cryptographic Secrets taking the topic even further :
"Google hacking is a term to describe the search queries that find out security and privacy flaws. Finding vulnerable servers and web applications, server fingerprinting, accessing to admin and user login pages and revealing username-passwords are all possible in Google with a single click. Google can also reveal secrets of cryptography applications, i.e., clear text and hashed passwords, secret and private keys, encrypted messages, signed messages etc. In this paper, advanced search techniques in Google and the search queries that reveal cryptographic secrets are explained with examples in details."
Comments on : Hashed passwords, Secret Keys, Public Keys, Private Keys, Encrypted Files, Signed Messages -- external comments on packed binary patterns, malware functions, and the malware search engine itself.
Google is so not the root of the problem, althrough at least theoretically malicious web crawling is indeed possible. Seems like patterns come useful to both sides of the front -- and everyone in between.
No comments:
Post a Comment