Thursday, November 22, 2007

Google knows your passwords

Here's a clever search trick with implications for anyone who thinks their passwords are a well-kept secret.

It's described in this blog post by Steven J Murdoch, one of several computer security researchers at the University of Cambridge behind the excellent Light Blue Touchpaper blog.

The blog was compromised a few weeks ago using weaknesses in the underlying publishing software and Murdoch decided to perform a thorough forensic analysis of the event. During his investigation, he discovered an account created by the perpetrator along with an associated MD5 hash "20f1aeb7819d7858684c898d1e98c1bb" (the cryptographic code used by the system's database to identify the correct password).

Murdoch then tried to guess the password. After running through several dictionaries of potential passwords, he tried simply pasting the hash into Google, which promptly revealed the password in question to be "Anthony" – no doubt the name of whoever broke into the system in the first place.

Plenty has been written before about using Google to find potential software vulnerabilities, but this is a particularly nice example. As search engines become increasingly powerful, it is undoubtedly something software programmers and computer administrators will have to bear in mind.
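Why the lookup works, and what defeats it, as an added example that is not from the original post or from Murdoch's analysis: an unsalted MD5 of a given password is the same string on every system, so any index of known strings reverses it, while a per-user random salt makes each stored value unique. The wordlist is constructed, the function names are hypothetical, and PBKDF2 is used here as one common salted scheme, not something the post prescribes.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for any public index of known strings.
WORDLIST = ["password", "letmein", "Anthony", "qwerty"]


def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage scheme the post describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_index(words):
    """Map hash -> plaintext, which is what a search index effectively holds."""
    return {md5_hex(w): w for w in words}


def store_salted(password: str, iterations: int = 200_000):
    """Salted, iterated storage: a fresh 16-byte salt per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def compare_schemes(password: str = "Anthony"):
    """Show the lookup succeeding on unsalted MD5 and failing on salted records."""
    index = build_index(WORDLIST)
    recovered = index.get(md5_hex(password))       # direct hit, no guessing needed
    rec_a = store_salted(password)
    rec_b = store_salted(password)                 # same password, second account
    return {
        "recovered_from_md5": recovered,
        "salted_records_differ": rec_a[2] != rec_b[2],
        "salted_found_in_index": rec_a[2].hex() in index,
        "salted_still_verifies": verify_salted(password, rec_a),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```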
