Elsewhere on the internet...

The League of Reason has some social media accounts! You can find us on Facebook or on Twitter for some interesting links and things.

The Evils of Google

Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 1 of 2
 [ 22 posts ] 
The Evils of Google
Author Message
)O( Hytegia )O(League LegendUser avatarPosts: 3135Joined: Fri Nov 13, 2009 11:27 pm Gender: Cake

Post The Evils of Google

I'm studying SQL.
Why? Because certification exams don't pass themselves (unless it's in $pass - then
push $fail = $pass)

Doing so, I Googles up some SQL Table structures to study.
Before I know it, I'm flipping around the administrator tabs and SQL tables of some random website from Japan where the administrator's password is "webmaster."

Okay, seriously, what the fuck.

With this knowledge, I'm wondering if Google does the same thing for any other websites that I may know. Today at noon EST I will be attempting to gain the same privledges to the LeagueOfReason through Google-Fu and SQL tables. If I can, I will not post anything incriminating about anyone, but I will post the first half of table names (instead of $username I'll put $user-) and messsage Spork personally with what is going on.

Because, well, if I can do it then baddies can, too.

More updates to come.
Some would insinuate that being drunk at 9 in the morning to be signs of serious issues.
Me? I'd insinuate it as signs of no plans and a refrigerator full of Whiskey and Guinness.
Fri Sep 02, 2011 2:37 pm
ProlescumWebhamsterUser avatarPosts: 5000Joined: Thu Dec 31, 2009 8:41 pmLocation: Peptone-upon-Sores

Post Re: The Evils of Google

You know, I'd rather you didn't do any of that. I don't care about your reasoning at all.
if constructive debate is allowed to progress, better ideas will ultimately supplant worse ideas.

Comment is free, but facts are sacred
Fri Sep 02, 2011 5:08 pm
CommonEnlightenmentUser avatarPosts: 649Joined: Wed Sep 23, 2009 2:06 amLocation: Plato Crater Gender: Time Lord

Post Re: The Evils of Google

Personally, I think it might be a decent exercise as long as private information is not released.
There is still light in the 'Earthly' darkness. Finding light in the darkness can be more satisfying than merely seeing the glaring light of our sun. It gives us a better understanding of light and a deeper understanding of our universe.
Fri Sep 02, 2011 7:34 pm
WarKChat ModeratorUser avatarPosts: 1178Joined: Wed Aug 12, 2009 9:59 am Gender: Tree

Post Re: The Evils of Google

Yay, go the nephilimfree way, read some wikis and google for some stuff and you're an expert over night.

You come here and make this topic, don't you think it's a bit silly, or illegal even?

If you want to playaround get a VirtualBox, install a server, run some phpBB or something like that and play with it. Don't go on a public forum and try to hack it.
Did you see that ludicrous display last night?
Fri Sep 02, 2011 8:20 pm
CaseUser avatarPosts: 1080Joined: Sun Feb 28, 2010 9:40 pm Gender: Cake

Post Re: The Evils of Google

Shoo shoo everyone, their growth is proportional to the amount of attention they get.
I am determined that my children shall be brought up in their father's religion, if they can find out what it is.
Charles Lamb (1775 - 1834)

Atheism is a non-prophet organization.
Fri Sep 02, 2011 9:54 pm
Aught3ModeratorUser avatarPosts: 4290Joined: Fri Feb 27, 2009 3:36 amLocation: New Zealand Gender: Male

Post Re: The Evils of Google

LOL! HAXED :lol:

Image
Wanderer, there is no path, the path is made by walking.
Sat Sep 03, 2011 12:00 am
WWW
)O( Hytegia )O(League LegendUser avatarPosts: 3135Joined: Fri Nov 13, 2009 11:27 pm Gender: Cake

Post Re: The Evils of Google

The point is that I Googled my way into some serious system integrity information of some random website, just looking for example table layouts -
which means that the pages, links, and identity information required to access these pages were all on Google.
If I am able to successfully do that to the LeagueOfReason, then it means that anyone with actual ill-intent can just flip around on our website and fuck our world sideways.

Do you think I'm announcing this for self-attention? Really?
If I didn't manage to get anything:
1) Nothing happens.
2) This becomes a fun conversation about SQL and Database Structuring for my Certification that I'm studying for.
3) We hate Google for their web-crawling programs somehow automatically putting a website's behind-the-scenes information online.

If I did manage to get something:
1) I would have held database queries to the LeagueOfReason
2) Database Queries -> Exploitation -> Personal Information Risk -> A serious change in Network Structure & a serious note to Google.
3) Nobody could hush over the fact that I did manage to get them from Google - something that would mean that everyone should change their passwords because they were obtainable by people with less-than-noble means.
4) We hate Google for their web-crawling programs somehow automatically putting a website's behind-the-scenes information online.

And it's not like I would be holding a list of Usernames and Passwords -
I would be holding the logical pathway to them.
Which means that someone with less moral standing and a bit of Query knowledge could just make an account, hop on over to a post on the message board, comment out a few areas (if that's how it was structured) and input anything they wanted and obtain anything they wanted and displayed to them.

Also note that I stated that I would not publish the tables - ergo, no one can get this information by just reading my posts.

WarK wrote:Yay, go the nephilimfree way, read some wikis and google for some stuff and you're an expert over night.

I'm not sure about you, but food doesn't poof itself into existence, last I checked. The Military may be paying for college after I get out - but when it comes to my line of work there turns out to be not that many job openings for my current trade out there.
Computers and Networks are logical - I can do logical.

WarK wrote:You come here and make this topic, don't you think it's a bit silly, or illegal even?

I don't know. Is a citizen of the United States bound by the laws of Her Majesty's jurisdiction?
Besides, this was just a courtesy notification to everyone - I can't, with good conscience, do this without a public notification of both the test and the outcome.
Think about it like this:
Would you want the ability to access your passwords, PMs, and other privileged information available on Google?

WarK wrote:If you want to playaround get a VirtualBox, install a server, run some phpBB or something like that and play with it. Don't go on a public forum and try to hack it.

You completely missed the point.
:facepalm:

I'm not doing this for lulz or anything beneficial (well, it's also a bit beneficial to know that Google can publish your website's database queries - and that it's automated system will publish it regardless) to myself.
Google = Public Access
Public Access = ER'RY BODY

Besides, is it really "hacking" if it's currently public access? I guess I hack Facebook every day when I magically type in a box and it appears on my News Feed.
-------------------------------------------------------------

Results are not final - but nothing has been found so far.
A few more table ideas, though.

========================================================

And I really don't appreciate the joke.
Some would insinuate that being drunk at 9 in the morning to be signs of serious issues.
Me? I'd insinuate it as signs of no plans and a refrigerator full of Whiskey and Guinness.
Sat Sep 03, 2011 12:05 am
CosmicSporkLeague LegendUser avatarPosts: 929Joined: Sat Feb 21, 2009 10:36 pmLocation: UK Gender: Cake

Post Re: The Evils of Google

Googles web crawler does just that. It crawls links from one page to another.

If someone is dumb enough to make a website that exposes the backend of their website without security then they deserve what they get. It's not Google's fault, the bot was just crawling the links as it finds them. The same goes for any other search engine bot.

And yes, I think you are announcing this for self-attention. It's pointless and quite pathetic to be honest. The software used on this site is used by millions of others, it's tested constantly for SQL injection, cross site scripting, and various other exploits and updated to fix security holes. I'm not suggesting it's perfect... there's no such thing, but there are a lot more experienced people out there who are constantly trying to do what you are trying to do.

I've been working in web development all my adult life so I'm not exactly making this shit up.

Right now, I have absolutely no expectation you will find anything. I am even willing to say that you don't have a clue what you're even talking about.

I'm not normally this aggressive with people but you've pushed some buttons here. You presume to have some previously unknown knowledge about website security because you found a single badly made website and were able to query its data.
Image
“Nothing is as frustrating as arguing with someone who knows what he's talking about.” - Sam Ewing
Sat Sep 03, 2011 12:37 am
WWW
)O( Hytegia )O(League LegendUser avatarPosts: 3135Joined: Fri Nov 13, 2009 11:27 pm Gender: Cake

Post Re: The Evils of Google

Let's review the posts here:

Wait -
Studying? Not qualified yet? Learning?

Wow. It's almost as if I literally said that I wasn't a professional and hosted a legitimate concern for web security of a site based off of an experience I had just earlier that day and kinda flipped over about it.
:facepalm:

You know what? You can all go fuck yourselves-

Warnings be damned. I'll take my own leave and concerns with me.
Some would insinuate that being drunk at 9 in the morning to be signs of serious issues.
Me? I'd insinuate it as signs of no plans and a refrigerator full of Whiskey and Guinness.
Sat Sep 03, 2011 1:11 am
kenandkidsUser avatarPosts: 1117Joined: Tue Jan 12, 2010 7:00 pm Gender: Pinecone

Post Re: The Evils of Google

)O( Hytegia )O( wrote:Do you think I'm announcing this for self-attention?




Yes, if it were due to concerns and security issues you would have pmed the hamster and then there would have been nothing to post about.
Teapublican commandment:
Thou shalt not educate or improve the lives of the lesser classes, the lesser races, or women.

Fiddler on:

http://obnoxi.us/
Sat Sep 03, 2011 1:32 am
Nashy19Posts: 250Joined: Sun May 10, 2009 5:37 pm

Post Re: The Evils of Google

Why don't you just post about how your learning is going.

Also, are you going to hax0r the watermark out of your avatar with Paint, Photoshop or something?
Sat Sep 03, 2011 2:17 am
impikuUser avatarPosts: 211Joined: Sun Jun 05, 2011 9:58 amLocation: Hell. Gender: Cake

Post Re: The Evils of Google

I like the new site design. What now?
"Who needs Satan when you have a God like this?" -- Robert M. Price

"In the sphere of thought, absurdity and perversity remain the masters of the world, and their dominion is suspended only for brief periods." -- Arthur Schopenhauer
Sat Sep 03, 2011 2:27 am
Nashy19Posts: 250Joined: Sun May 10, 2009 5:37 pm

Post Re: The Evils of Google

impiku wrote:I like the new site design. What now?


Now we sleep.
Sat Sep 03, 2011 2:58 am
impikuUser avatarPosts: 211Joined: Sun Jun 05, 2011 9:58 amLocation: Hell. Gender: Cake

Post Re: The Evils of Google

hmm...
"Who needs Satan when you have a God like this?" -- Robert M. Price

"In the sphere of thought, absurdity and perversity remain the masters of the world, and their dominion is suspended only for brief periods." -- Arthur Schopenhauer
Sat Sep 03, 2011 3:14 am
ProlescumWebhamsterUser avatarPosts: 5000Joined: Thu Dec 31, 2009 8:41 pmLocation: Peptone-upon-Sores

Post Re: The Evils of Google

)0(Hytegia)0( wrote: Let's review the posts here


Yes, let's do that... Has anyone up to this point been unkind or rude unduly? Nope. Yet you, precious, tell us to go fuck ourselves simply because you weren't congratulated wholeheartedly.

Perhaps you should have some time away... Give your balls time to drop and your voice time to settle at an appropriate octave.
if constructive debate is allowed to progress, better ideas will ultimately supplant worse ideas.

Comment is free, but facts are sacred
Sat Sep 03, 2011 7:07 am
UltimateBlasphemerUser avatarPosts: 118Joined: Thu Oct 08, 2009 7:36 pm

Post Re: The Evils of Google

)O( Hytegia )O( wrote:Do you think I'm announcing this for self-attention?


Next time, if you really want to help someone make their software more secure, inform the developers through private communication. Don't post about it for everyone to see.

)O( Hytegia )O( wrote:You know what? You can all go fuck yourselves-

Warnings be damned. I'll take my own leave and concerns with me.


Oh shit. Don't piss him off guys. He's got too much information on us.
Sat Sep 03, 2011 9:45 pm
Thomas DoubtingUser avatarPosts: 443Joined: Mon Aug 15, 2011 2:02 pmLocation: 6th Circle of Hell Gender: Tree

Post Re: The Evils of Google

UltimateBlasphemer wrote:
)O( Hytegia )O( wrote:Do you think I'm announcing this for self-attention?


Next time, if you really want to help someone make their software more secure, inform the developers through private communication. Don't post about it for everyone to see.

)O( Hytegia )O( wrote:You know what? You can all go fuck yourselves-

Warnings be damned. I'll take my own leave and concerns with me.


Oh shit. Don't piss him off guys. He's got too much information on us.


agree.. not only does it remind of attention seeking, but also if it really was the case, you made the information available for others, maybe some of them already tested it on this page and others, as many said before, next time if you REALLY want to help, do it privately.

And with all due respect (meaning none), take your own advice regarding auto-sexual intercourse, to put it that way ;)
ORLY? Not buying that, try again.
Want to convert me? Give me your best shot!
Sat Sep 03, 2011 10:01 pm
ImprobableJoeLime TordUser avatarPosts: 6195Joined: Sun Feb 22, 2009 3:24 pm

Post Re: The Evils of Google

)O( Hytegia )O( wrote:You know what? You can all go fuck yourselves-

Warnings be damned. I'll take my own leave and concerns with me.



You know what? You've crossed a pretty serious line.

You've been here awhile, and you've contributed a bunch, and your ass should get bounced so fast that you land a few hundred meters from where you started.
Come visit my blog! There will be punch and pie!
Sat Sep 03, 2011 11:15 pm
ProlescumWebhamsterUser avatarPosts: 5000Joined: Thu Dec 31, 2009 8:41 pmLocation: Peptone-upon-Sores

Post Re: The Evils of Google

To be on the safe side, I'd change your password.
if constructive debate is allowed to progress, better ideas will ultimately supplant worse ideas.

Comment is free, but facts are sacred
Sun Sep 04, 2011 12:48 am
Master_Ghost_KnightContributorUser avatarPosts: 2630Joined: Sat Feb 21, 2009 11:57 pmLocation: Netherlands Gender: Male

Post Re: The Evils of Google

Here is my take on it. This stuff has been out for a long time, and I find it particularly unlikely that there would such pissy security loopholes a this stage of the championship special that it could be hacked by anyone just learning SQL.
Now to everyone else, just STFU and let it die. If you think he is just doing this for attention and you think it warrants none, here is a good advice, act on your words and don't actually pay any attention to it. That is what I have been doing with half the stuff going arround here and it has worked just fine so far.
"I have an irrefutable argument for the existence of...." NO, STOP! You are already wrong!
Sun Sep 04, 2011 1:07 am
Next
Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 1 of 2
 [ 22 posts ] 
Return to Developers' Corner

Who is online

Users browsing this forum: No registered users and 1 guest