[Owasp-google-hacking] Google hacking code

Christian Heinrich christian.heinrich at owasp.org
Mon Jun 14 02:21:41 EDT 2010


Interested parties had to provide a valid Google SOAP Search API key
which I then confirmed *prior* to forwarding the source code. If you
would like to provide a valid Google SOAP Search API key associated
with your Google Account i.e. brad.empeigne at gmail.com then I take the
extraordinary action recreating the SVN repository.

Your agenda is more sinister then stated i.e. contacting me privately
and then escalating this to an unrelated OWASP Mailing List where you
knew I was occupied with independently arbitrating the concerns of the
OWASP Melbourne Chapter to create
http://search.twitter.com/search?q=owaspgate and then claiming that
this was an innocent mistake is perceived as the action of a troll -
again please address the request within

would be in direct conflict to the hidden agenda of self promotion.

To quote the "Project Home" tab of http://code.google.com/p/dic/ i.e.
"This repository should be considered an historical archive as no
further development is planned due to the retirement of the Google
SOAP Search API in September 2009."

I never denied that this project "is in the past" but it still
promoted within my signature is to direct people to the OWASP Testing
Guide who may have reached OWASP via the GHDB - I have moved on to
contributing to OWASP in other ways.

I would suggest that if you want to be taken seriously that you
contribute via the AJAX Search API and cease being a "tire kicker" as
I have offered you my mobile/cell twice yet you have persisted in
escalating this to the mailing list.

On Mon, Jun 14, 2010 at 2:33 PM, Brad Empeigne <brad.empeigne at gmail.com> wrote:
> Hi Christian, I have read the Google terms of service and your
> explanation and disagree that releasing the code would be breaking it.
> I have read your slides and while you do have tiny snippets of source
> code and console screenshots it is far from actual project source code
> to reference. I have seen in some of your presentations you mention
> that you are doing a release but can not find evidence that there was
> an actual release of the code anywhere. I thought this because may be
> then someone would have a copy or it is mirrored somewhere. This leads
> me to the question .... was the code actually ever released to the
> Google repository?
> I am also unsure as to why you said you would send the code after
> AusCert and then later ignored my private requests but responded
> promptly on mailing lists with excuses as to why it can not be shared?
> Furthermore I am confused by your private requests to call you to
> discuss and i am not interested in doing so because i suspect you will
> just reiterate your take of the Google terms of service as some sort
> of noble excuse. Never did I expect such a simple request to turn into
> a long complicated debate and have lost faith in OWASP if they are
> running projects and making excuses to not distribute the work of open
> source projects.
> Some people would have simply added a note to the most recent release
> saying that it does not work due to a change in a dependent API and
> ask for support from possible contributors to migrate to the new API.
> This would have broken no terms of service and no one would have
> questioned it. Doing so could have kept the project running and
> contributes to the community. Unfortunately from my perspective it
> would seem now you are doing the opposite and considering it "in the
> past" and something you managed to get a bunch of conference travel
> for and a means of self promotion.

Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking

More information about the Owasp-google-hacking mailing list