[Owasp-google-hacking] Google hacking code

George Anelopolis george.anelopolis at gmail.com
Sun Jun 13 21:53:57 EDT 2010


Christian,

There IS NO requirement for a "test harness". It is clear that would
be an undertaking in which you intentionally violate the Terms of
Service. The distribution of plain source code is still acceptable,
and it is all that Mr. Empeigne has requested.

In regards to your thoughts on ethics, you have been quoted online
(i.e. http://blog.internetnews.com/skerner/2008/10/sector-walking-out-of-googless.html)
as saying:

    - "Heinrich argued that the OWASP Google Hacking effort is not a
violation of Google's Terms of Service"
    - "Heinrich said that the Google hacking tools will be released in
November of 2008 and will be published on Google Code itself."

Statements like these have obviously mislead conference organizers,
attendees, journalists and the rest of the OWASP community.

George.

On Sun, Jun 13, 2010 at 12:09 PM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> George,
>
> On Sat, Jun 12, 2010 at 6:57 PM, George Anelopolis
> <george.anelopolis at gmail.com> wrote:
>> As your code for the Google hacking project did not include any "work
>> around" of the SOAP Search API, there is no violation of Google TOS.
>
> I disagree as to execute the test harness (prior to its distribution)
> would require OWASP to violate Google's TOS and therefore our (OWASP)
> agreement with Google.
>
>> It's highly unethical to present research at industry conferences if
>> you do not wish to fully disclose the findings. It seems that Mr.
>> Empeigne has made a legitimate request, and you should be doing all
>> you can to assist.
>
> I disagree as the PoC was last demonstrated well within the period
> (i.e. July 2009 at SyScan'09 Singapore) prior to
> http://googlecode.blogspot.com/2009/08/well-earned-retirement-for-soap-search.html
> and furthermore Brad has reviewed the latest slides published at the
> conclusion of these the conferences to understand the Google Search
> SOAP API functionality within the PoC.
>
>
> --
> Regards,
> Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
> _______________________________________________
> Owasp-google-hacking mailing list
> Owasp-google-hacking at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-google-hacking
>


More information about the Owasp-google-hacking mailing list