Honeypots and the Accidental Hacker

I was intending to post something on the book Virtual Honeypots: From Botnet Tracking to Intrusion Detection, by Google engineer Niels Provos and German grad student Thorsten Holz, but I was distracted by something shiny in the text.

(Is it just me, or does “honeypots” sound like some really cloying term of endearment? “Honeypots … I’m ho-ome …” But I digress.)

Specifically, it was a search string. Enter this into the search box of your favourite engine:

“# -FrontPage-” inurl:service.pwd

The results you’ll get are likely the clear text password information for a Web server whose hatches aren’t fully battened. My search on Google turned up only 69, which means either a) in general, admins are being pretty good about properly configuring servers or 2) there’s about 70 honeypots set up to glean some information from potential intruders.

Honeypots are essentially decoy systems that aren’t connected to the corporate system and serve no legitimate function. Thus, any traffic on them would be an attempted exploit. Security folks can use them to log attacks and learn what they can about how the perps work, applying that information to their own security regimen.

Virtual honeypots are a cost- and time-effective alternative to physical machines, the book argues, and it takes a hands-on approach to demonstrating that. It’s a valuable book, and Provos took some time to talk about it with me in this podcast. Have a listen, buy the book. And — for entertainment purposes only, of course — visit for the full catalogue of Google hack search strings, my faves being the various online devices section, with links to Webcams, networked printers, etc.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight