Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [inbox] Re: Supporters urge halt to, hacker's, extradition to US
From: n3td3v <xploitable () gmail com>
Date: Tue, 30 Sep 2008 22:41:38 +0100

On Tue, Sep 30, 2008 at 9:30 PM, Eliah Kagan
<degeneracypressure () gmail com> wrote:
Here's a question, relating to the PUBLIC DOMAIN issue. I don't know
the answer, but it seems relevant.

When a http indexing bot (like those used by Google, for instance)
comes upon a hyperlink into a page that is http authenticated, does it
follow the link and try a blank password, or does it not follow the
link? Is there some accepted standard for that?

If it is considered acceptable to assume that access is permitted to
any system that doesn't have passwords set but present http
authentication, it would be hard to argue that other forms of
authentication are different. Of course, having gained access, making
deliberate modifications, however slight, would be illegal.

All you do is give Googlebot the password and hey presto! Read below:


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]