Recently I saw this article on security focus:
What they had to say intrigued me:
“Want to know which programs have security issues that need to be fixed? Using Google Code Search, finding likely candidates is a snap.”
I figured that this has even further implications than one might think, for intarweb naughtiness of course. Lets say you need the code for the next latest and greatest exploit…
FYI – This is where the how to part starts.
Lets say that you were looking for the code to “jpegofdeath”. I know its old and patched, but that’s the point, trying to keep the script kiddies at bay for at least a couple of hours. Well here’s what you do:
Now type in
For those that are as lazy as me out there, here are the results you’ll get.
CLICKY CLIKCY or you can see the screen shot below.
So that’s one way to find the code for an exploit. Of course the real 1337 mofo’s out there can get hardcore and search for snippets of code that are common coder mistakes that leave a program vulnerable to attack. Then WHAM new exploit all over the web, maybe even a virus or four. This is starting to get a little too easy, nah nothing can ever be too easy, yeah I went there.
Passivemode has a great article up on what error’s to look for:
I’m not sure if this is a warning to coders out there or just really really kewl. I’m gonna go with really really kewl.
Hack on fellow bored people. Let me know if you find anything kewl.
(I’m going to give myself a 10 yard penalty for overuse of the word “kewl”. How friggin lame is that!!!)