[Owasp-google-hacking] Google hacking code

Christian Heinrich christian.heinrich at owasp.org
Sun Jun 13 23:07:10 EDT 2010


On Mon, Jun 14, 2010 at 11:53 AM, George Anelopolis
<george.anelopolis at gmail.com> wrote:
> There IS NO requirement for a "test harness". It is clear that would
> be an undertaking in which you intentionally violate the Terms of
> Service. The distribution of plain source code is still acceptable,
> and it is all that Mr. Empeigne has requested.

I will not redistribute source code which I have not maintained or
implemented for sometime (i.e. since July 2009) *without* applying the
test harness against the entire SVN repositoy as part of my due
diligence and QA.

I have stated a number of times already that the information that Brad
requires is referenced within the slides and Brad is yet to indicate
otherwise that the slides have not addressed the information he is

Furthermore, I am bound by the agreement to Google and I see no gain
to the OWASP or the greater webappsec community in wasting OWASP
resources on lobbying Google on this matter.

On Mon, Jun 14, 2010 at 11:53 AM, George Anelopolis
<george.anelopolis at gmail.com> wrote:
> In regards to your thoughts on ethics, you have been quoted online
> (i.e. http://blog.internetnews.com/skerner/2008/10/sector-walking-out-of-googless.html)
> as saying:
>    - "Heinrich argued that the OWASP Google Hacking effort is not a
> violation of Google's Terms of Service"
>    - "Heinrich said that the Google hacking tools will be released in
> November of 2008 and will be published on Google Code itself."
> Statements like these have obviously mislead conference organizers,
> attendees, journalists and the rest of the OWASP community.

At the time that these statements were made it was not a violation of
the Google's TOS if the end user been issued a single Google SOAP
Search "Key" associated to their Google Account with the caveat that
the issuing of a Google SOAP Search API Key had been discontinued by
Google i.e. http://code.google.com/apis/soapsearch/api_faq.html#gen8
which I stated at SecTor.

Sean Michael Kerner did not confirm his Blog Post with me (or SecTor)
prior to publication and hence should not be considered the balanced
view of a journalist, rather then the uninformed opinion of a
misguided blogger.

Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking

More information about the Owasp-google-hacking mailing list