[Owasp-google-hacking] Google hacking code

Christian Heinrich christian.heinrich at owasp.org
Sat Jun 12 22:09:00 EDT 2010


George,

On Sat, Jun 12, 2010 at 6:57 PM, George Anelopolis
<george.anelopolis at gmail.com> wrote:
> As your code for the Google hacking project did not include any "work
> around" of the SOAP Search API, there is no violation of Google TOS.

I disagree as to execute the test harness (prior to its distribution)
would require OWASP to violate Google's TOS and therefore our (OWASP)
agreement with Google.

> It's highly unethical to present research at industry conferences if
> you do not wish to fully disclose the findings. It seems that Mr.
> Empeigne has made a legitimate request, and you should be doing all
> you can to assist.

I disagree as the PoC was last demonstrated well within the period
(i.e. July 2009 at SyScan'09 Singapore) prior to
http://googlecode.blogspot.com/2009/08/well-earned-retirement-for-soap-search.html
and furthermore Brad has reviewed the latest slides published at the
conclusion of these the conferences to understand the Google Search
SOAP API functionality within the PoC.


-- 
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking


More information about the Owasp-google-hacking mailing list