How we got read access on Google’s production servers
From the post:
To stay on top on the latest security alerts we often spend time on bug bounties and CTF’s. When we were discussing the challenge for the weekend, Mathias got an interesting idea: What target can we use against itself?
Of course. The Google search engine!
What would be better than to scan Google for bugs other than by using the search engine itself? What kind of software tend to contain the most vulnerabilities?
- Old and deprecated software
- Unknown and hardly accessible software
- Proprietary software that only a few people have access to
- Alpha/Beta releases and otherwise new technologies (software in early stages of it’s lifetime)
I read recently that computer security defense is 10 years behind computer security offense.
Do you think that’s in part due to the difference in sharing of information between the two communities?
Computer offense aggressively sharing and computer defense aggressively hording.
Yes?
If you are interested in a less folklorish way of gathering computer security information (such as all the software versions that are known to have the Heartbeat SSL issue), think about using topic maps.
Reasoning that the pattern that lead to the Heartbeat SSL memory leak was not unique.
As you build a list of Heartbeat susceptible software, you have a suspect list for similar issues. Find another leak and you can associate it with all those packages, subject to verification.
BTW, a good starting point for your research, the detectify blog.