Steven Murdoch, a security researcher who runs the Light Blue Touchpaper blog, discovered that an intruder had broken into his website and created an administrator account in the Wordpress blogging software installed on the server.
While carrying out computer forensics to discover the extent of the damage, Murdoch became interested in learning the hacker's Wordpress password.
As Wordpress passwords are MD5 hashed and stored in the user database, Murdoch wrote a script which hashed all words in the English dictionary to find a match.
When this failed Murdoch switched to a Russian dictionary, as comments in that language were discovered in the new code installed on the server. This did not work either, so he turned to Google.
Murdoch inputted the MD5 password hash into Google and got several hits with one thing in common: the name 'Anthony'. Sure enough, 'Anthony' was the password.
"Because of this technique, Google is acting as a hash pre-image finder, and
more importantly finding hashes of things that people have hashed before," said
"Google is doing what it does best: storing large databases and searching them. I doubt, however, that they envisaged this use."
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago