Hi Alexander,
You are right! Free hosting, free email, tag based systems exist for
quite a while and they can be used for the exact same purposes that I
mentioned in my original post. Common, everybody knows how to configure
DNS to serve hashes (sort of distributed rainbow tables crack).
However, google base it a bit different. First of all Google has
enormous storage facilities. You need around 85g for a decent rainbow
table. I don't think that I you can find that for free. Yes, maybe,
Google Base is not that well suited for this kind of stuff but, still.
Unfortunately, malware can spread by using google base as well, and it
will be far better than using email (email accounts can be blocked). If
someone find another vulnerability in JPG and GIF, how much time it is
going to take in order to create sort of mass infection. What about XSS
attacks. I am not sure if the GIF HEADERS bug is present in Google Base
(I have to check for this), however at some point you may find that
certain browsers respond to media content differently. Google Base
allows you to upload content almost anonymously :); and because it is
free everyone can use it for their own purpose (and respectively abuse
it for their own purpose). Google Base content is reused by other google
applications (google maps, local, etc), which means that a bug in google
base will result in bugs in almost everything else that google has.
As you can see; with the great power comes the great responsibility.
Google affect us all in direct or indirect way. I have nothing against
google.
I hope that this contributes in a positive way to the current discussion.
:)
Cheers,
Petko
Alexander Klimov wrote:
On Fri, 18 Nov 2005, Petko Petkov wrote:
I was playing around with goggle base and I must say I am quite
impressed and in the same time scared to death. Goggle base is the most
amazing thing I have seen for a while and it can be used for many
different things.
What exactly is so special about it?
Free web hosting is available for many years and can be used to share
content with the world. Free unlimited web email is also available for
quite some time and can be used to store (encrypted) information for
internal use. There are a lot of free spots for forums and blogs in
internet. Keywording (tagging) URLs is not new either (see, e.g.,
<http://del.icio.us/>).
Now here is a list that I built for you how to use goggle base for
your own good:
* Brute forcer - massive storage for mare mortals.
* Keep your exploits
* Keep your code fragments
* Keep your advisories and security notes
* Log there :)
* Write a book (Goggle Book) :)
* You can write even a Game Book.
* Write a game and store its data on goggle base
* Use it to hold your secret hacker tools (with encryption) :) just joking
* Make a goggle base forum
* Make a security list
What of this was impossible without google base?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
