How a Google Search Can Become a Security Threat
Short summary:
Google hacking can find application vulnerabilities in many applications at once so it works better as a. shotgun than a rifle Mr. Williams of Aspect ...
Long summary:
How a Google Search Can Become a Security ThreatPage 1September 27 2006How a Google Search Can Become a Security ThreatBy DAVID STROMWHEN Ralph Nader wrote Unsafe at Any Speed in 1965 he exposed how certain design decisions hadmade some automobiles inherently unsafe. Much the same can be said for Web sites these days.Many sites contain inherent design flaws that leave them ripe for exploitation. Unlike lack of seat belts incars these flaws are not immediately obvious and the fixes are not simple.One widespread vulnerability can be exploited through a practice that has come to be known as Googlehacking. The term refers to the use of an Internet search site Yahoo Ask Google or any other to uncoveruseful and compromising information that has been inadvertently left on a Web site.Some Web site owners may simply not understand that their sites arent as secure as they think said JeffWilliams chief executive of a Columbia Md. consulting company Aspect Security. Mr. Williams is also thechairman of the Open Web Application Security Project a Web site that describes many of the vulnerabilitiesand provides tips on how to prevent or fix them.Examples of the material that can be uncovered include the locations of Web security cameras administratorpasswords for applications like payroll or other personnel matters private phone numbers for companyexecutives and even the contents of Internet commerce transactions.In most cases intruders can enter sites and extract data without leaving a trace because the information isalready indexed and stored on the servers of various Internet search sites.These hacks require no special tools and little skill.All that is needed is a WebconnectedPC and a few keywords to look for like filetype:sql password orindex.of.pass word.There is a lot of privileged informa tion that wasnt supposed to be played out in the public that is availablewith these sorts of attacks said Jeff Pettorino a senior consultant in the Global Security Consultingdepartment o ...
Source: www.aspectsecurity.com
Related
Google Hacking 101, Google Hacking 101. Edited by Don
Doumakes. and. Matt Payne CISSP. 15 June
2005 ... Wrote Google Hacking for
Penetration. Testers; ISBN 1931836361 ...,
more
Google Hacking of Oracle Technologies, Google Hacking of Oracle Technologies
V1.02. 2005 by RedDatabaseSecurity GmbH
..... Johnny Longs Google Hacking
Webpage:. http://johnny.ihackstuff.com/,
more
Google Hacking, Google hackingthe practice of using
specially crafted search engine queries to
cull information about a targetis now a
feather in ...,
more
