Re: [Full-disclosure] Re: Google Base

• Previous message: Martin Schulze: "[Full-disclosure] [SECURITY] [DSA 900-2] New fetchmail packages fix potential information leak"
• In reply to: Alexander Klimov: "[Full-disclosure] Re: Google Base"
• Next in thread: Jorrit Kronjee: "Re: [Full-disclosure] Re: Google Base"
• Reply: Jorrit Kronjee: "Re: [Full-disclosure] Re: Google Base"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 21 Nov 2005 10:19:13 +0000
To: Alexander Klimov <alserkli@inbox.ru>

Hi Alexander,
You are right! Free hosting, free email, tag based systems exist for
quite a while and they can be used for the exact same purposes that I
mentioned in my original post. Common, everybody knows how to configure
DNS to serve hashes (sort of distributed rainbow tables crack).

However, google base it a bit different. First of all Google has
enormous storage facilities. You need around 85g for a decent rainbow
table. I don't think that I you can find that for free. Yes, maybe,
Google Base is not that well suited for this kind of stuff but, still.

Unfortunately, malware can spread by using google base as well, and it
will be far better than using email (email accounts can be blocked). If
someone find another vulnerability in JPG and GIF, how much time it is
going to take in order to create sort of mass infection. What about XSS
attacks. I am not sure if the GIF HEADERS bug is present in Google Base
(I have to check for this), however at some point you may find that
certain browsers respond to media content differently. Google Base
allows you to upload content almost anonymously :); and because it is
free everyone can use it for their own purpose (and respectively abuse
it for their own purpose). Google Base content is reused by other google
applications (google maps, local, etc), which means that a bug in google
base will result in bugs in almost everything else that google has.

As you can see; with the great power comes the great responsibility.
Google affect us all in direct or indirect way. I have nothing against
google.

I hope that this contributes in a positive way to the current discussion.

:)

Cheers,
Petko

Alexander Klimov wrote:

>On Fri, 18 Nov 2005, Petko Petkov wrote:
>
>
>>I was playing around with goggle base and I must say I am quite
>>impressed and in the same time scared to death. Goggle base is the most
>>amazing thing I have seen for a while and it can be used for many
>>different things.
>>
>>
>
>What exactly is so special about it?
>
>Free web hosting is available for many years and can be used to share
>content with the world. Free unlimited web email is also available for
>quite some time and can be used to store (encrypted) information for
>internal use. There are a lot of free spots for forums and blogs in
>internet. Keywording (tagging) URLs is not new either (see, e.g.,
><http://del.icio.us/>).
>
>
>
>>Now here is a list that I built for you how to use goggle base for
>>your own good:
>>
>>* Brute forcer - massive storage for mare mortals.
>>* Keep your exploits
>>* Keep your code fragments
>>* Keep your advisories and security notes
>>* Log there :)
>>* Write a book (Goggle Book) :)
>>* You can write even a Game Book.
>>* Write a game and store its data on goggle base
>>* Use it to hold your secret hacker tools (with encryption) :) just joking
>>* Make a goggle base forum
>>* Make a security list
>>
>>
>
>What of this was impossible without google base?
>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Previous message: Martin Schulze: "[Full-disclosure] [SECURITY] [DSA 900-2] New fetchmail packages fix potential information leak"
• In reply to: Alexander Klimov: "[Full-disclosure] Re: Google Base"
• Next in thread: Jorrit Kronjee: "Re: [Full-disclosure] Re: Google Base"
• Reply: Jorrit Kronjee: "Re: [Full-disclosure] Re: Google Base"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]