While we are on the topic of Google indexing things and revealing security holes I think that VoIP devices should also be mentioned.
I remember when I was taking a network security class in college the professor was guiding us through the steps required to scan a network for vulnerabilities, specifically detecting services and control panels which are left open and vulnerable. Naturally we were using the college network for this, and in addition to the expected control panels of printers in different professors' offices I accidentally found the control panel for the school VoIP system, and it was not properly secured. I believe it was a Cisco system. Anyway the control panel seemed to offer access to modify various settings of the college VoIP phone system, with no password protection.
Now granted it could be that I only had access to this because I was doing the scan from "inside the system" instead of outside via the web, but I'm sure there are vulnerable VoIP systems which have accidentally exposed their control panels to the internet.
>Now granted it could be that I only had access to this because I was doing the scan from "inside the system" instead of outside via the web
If 'inside the system' means from a University internet connection, that it is very much a security hole, as anyone physiclly present could exploit it. (Or at best any person who the Univeristy allows on their network, which is much larger than the group of people who should be able to touch those settings)
I remember when I was taking a network security class in college the professor was guiding us through the steps required to scan a network for vulnerabilities, specifically detecting services and control panels which are left open and vulnerable. Naturally we were using the college network for this, and in addition to the expected control panels of printers in different professors' offices I accidentally found the control panel for the school VoIP system, and it was not properly secured. I believe it was a Cisco system. Anyway the control panel seemed to offer access to modify various settings of the college VoIP phone system, with no password protection.
Now granted it could be that I only had access to this because I was doing the scan from "inside the system" instead of outside via the web, but I'm sure there are vulnerable VoIP systems which have accidentally exposed their control panels to the internet.