Google Labs' new Code Search makes it easier for hackers to find database usernames and passwords by searching for strings that commonly appear in configuration files. Now that anyone can search through publicly available code in one place, the concept of Security Through Obscurity has taken another blow.
A simple search through Google Code Search for "username file:wp-config.php" reveals a number of non-sample usernames and passwords for WordPress MySQL databases, some of them root accounts. The thing that really stands out is that the majority of these files come from archives.
The message from this is simple: if you are making a backup of your files, do not transfer them over HTTP. Even if you are careful, you may accidentally put them into a directory that lists its contents, and before you know it Google has your details and you are at risk. Placing the archives outside the web root and using scp or a properly jailed FTP account is a much better idea.
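A quick defensive check for that advice, added here as an example rather than anything from the original post: a Python script that walks a web root, flags directories with no index file (the ones a server with directory indexing enabled would list) and opens every archive it finds to see whether it carries wp-config.php or a similarly sensitive configuration file. The file names other than wp-config.php, the archive suffixes and the throwaway demo web root the script builds are assumptions of this example, not facts from the post.

```python
import io
import os
import shutil
import tarfile
import tempfile
import zipfile

# wp-config.php is the case the post describes; the other names are assumed
# additions that commonly hold credentials in other web applications.
SENSITIVE_NAMES = {"wp-config.php", "config.php", "settings.php", ".env", ".htpasswd"}
ARCHIVE_SUFFIXES = (".tar", ".tar.gz", ".tgz", ".tar.bz2", ".zip")
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def archive_members(path):
    """Return the base names of the regular files inside a tar or zip archive."""
    if path.endswith(".zip"):
        with zipfile.ZipFile(path) as zf:
            return [os.path.basename(n) for n in zf.namelist()]
    with tarfile.open(path) as tf:  # mode "r" auto-detects gz/bz2 compression
        return [os.path.basename(m.name) for m in tf.getmembers() if m.isfile()]


def scan_webroot(webroot):
    """Walk the web root and return (kind, relative_path, detail) findings:
    'listable-dir' for directories lacking an index file, and
    'archive-with-config' for archives containing a sensitive file name."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        if not (set(filenames) & INDEX_FILES):
            findings.append(("listable-dir", rel_dir, ""))
        for fn in filenames:
            if not fn.endswith(ARCHIVE_SUFFIXES):
                continue
            full = os.path.join(dirpath, fn)
            try:
                hits = sorted(set(archive_members(full)) & SENSITIVE_NAMES)
            except (tarfile.TarError, zipfile.BadZipFile):
                continue  # not a readable archive; nothing to report
            if hits:
                findings.append(("archive-with-config",
                                 os.path.relpath(full, webroot), ",".join(hits)))
    return findings


def build_demo_webroot():
    """Construct a throwaway web root reproducing the situation in the post:
    a site backup holding wp-config.php dropped into a listable directory.
    This is constructed sample data, not a real site."""
    root = tempfile.mkdtemp(prefix="webroot-")
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<html></html>")
    backups = os.path.join(root, "backups")  # no index file -> listable
    os.mkdir(backups)
    with tarfile.open(os.path.join(backups, "site-backup.tar.gz"), "w:gz") as tf:
        for name, body in (("public_html/wp-config.php",
                            b"<?php define('DB_PASSWORD', 'example-placeholder'); ?>"),
                           ("public_html/readme.txt", b"nothing secret here")):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    uploads = os.path.join(root, "uploads")  # has an index file, harmless zip
    os.mkdir(uploads)
    with open(os.path.join(uploads, "index.html"), "w") as f:
        f.write("")
    with zipfile.ZipFile(os.path.join(uploads, "photos.zip"), "w") as zf:
        zf.writestr("photo1.jpg", b"\xff\xd8\xff")
    return root


if __name__ == "__main__":
    demo = build_demo_webroot()
    try:
        for kind, path, detail in scan_webroot(demo):
            print(f"{kind:20s} {path} {detail}")
    finally:
        shutil.rmtree(demo)
```

Run it against a real document root instead of the demo (`scan_webroot("/var/www/html")`) and anything it reports is a candidate for moving outside the web root; the script only reads archive listings, so it is safe to run on a live site.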
It will be interesting to see if anyone develops a bot to utilise this exceedingly good hacking tool that Google has unwittingly built. In Google's defence though, if proper security procedures were followed, there would never be a problem. The thing is, though, that the Web has a history of not following the rules.
Some would say that it is a long way from software engineering to journalism; others would correctly argue that it is a mere 10 metres according to the floor plan. During his first five years with CBS Interactive, Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining the company as a programmer. Leaving CBS Interactive in 2010 to follow his deep desire to study the snowdrifts and culinary delights of Canada, Chris based himself in Vancouver and paid for his new snowboarding and poutine cravings as a programmer for a lifestyle gaming startup. Chris returned to CBS in 2011 as the Editor of TechRepublic Australia, determined to meld together his programming and journalistic tendencies once and for all. In his free time, Chris is often seen yelling at different operating systems for their own unique failures, avoiding the dreaded tech support calls from relatives, and conducting extensive studies of internets — he claims he once read an entire one.