If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Our friend in Google...
Found this on another group today...
Via NY Transfer News Collective * All the News that Doesn't Fit Reuters via Yahoo - Feb 13, 2005 http://story.news.yahoo.com/news?tmp...n_pluggedin_dc PluggedIn: 'Google Hacking' Digs Up Sensitive Material By Andy Sullivan WASHINGTON (Reuters) - Hackers have found a handy tool to take control of bank accounts, tap into corporate computer networks and dig up sensitive government documents. It's called Google. The Internet's most popular search engine can find everything from goldfish-care tips to old classmates in the blink of an eye, but it's equally adept at finding caches of credit-card numbers and back doors into protected databases. Google Inc. and other search providers create an inventory of the World Wide Web through an automated process that can uncover obscure Web pages not meant for the public. "If you don't want the world to see it, keep it off the Web," said Johnny Long, a Computer Sciences Corp. researcher and author of "Google Hacking for Penetration Testers." Unlike other intrusion techniques, Google hacking doesn't require special software or an extensive knowledge of computer code. At a recent hackers' conference in Washington, Long demonstrated the eye-opening results of dozens of well-crafted Google searches. Using Google, identity thieves can easily find credit-card and bank-account numbers, tax returns, and other personal information buried in court documents, expense reports and school Web sites that contain such information. Google hackers can download Department of Homeland Security threat assessments marked "For Official Use Only." They can gain control of office printers, Internet phones and other devices controlled through a Web interface -- including electrical power systems. "One Google query, a couple of buttons, you can actually turn off power to their house," Long said. Corporate spies can uncover passwords and user names needed to log on to a corporate network, or find poorly configured computers that still use default passwords. A search for error messages can provide important clues for intruders as well. One particular Google feature allows users to pull up older versions of a Web page. Such "cached" pages can turn up security holes even after they've been fixed, or allow an intruder to scan a network without leaving a footprint. It's impossible to tell how often malevolent hackers use Google. But the recent emergence of computer worms that spread using the search engine suggests that Google hacking has been common practice for years, Long said. "As soon as something gets to the worm phase, it's been in the manual phase for quite some time," he said in an interview with Reuters. Long said Google should not be blamed for the effectiveness of its search engine, though he said the company could raise the alarm when it notices suspicious activity. "Google removes content from search results under very limited circumstances," Google spokesman Steve Langdon said in an e-mail message, citing pages that contain child pornography, credit-card numbers and other personal information, or copyrighted material that is used without permission. Microsoft Corp.'s recent acquisition of several security firms underlines the rising concern about online threats. As awareness of Google hacking grows, security experts are boning up on search techniques to make sure their systems aren't vulnerable. Long's Web site (http://johnny.ihackstuff.com) has collected more than 1,000 Google searches that can uncover flaws, and free software programs by Foundstone Inc. and SensePost can run those searches automatically. Anybody with a Web site should Google themselves using a "site:" query that lists every Web site they have available online, Long said. "The most practical thing I can tell people is to be fully aware of what their Google presence is. Companies and even individuals should be aware of what they look like through Google," he said. * Search the NYTr Archives at: http://olm.blythe-systems.com/pipermail/nytr/ To subscribe or unsubscribe or change your settings via the web, visit: http://olm.blythe-systems.com/mailman/listinfo/nytr ================================================== =============== NY Transfer News Collective * A Service of Blythe Systems Since 1985 - Information for the Rest of Us 339 Lafayette St., New York, NY 10012 http://www.blythe.org e-mail: ================================================== =============== -- Save photography - shoot a roll of film today! |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Protest against Google Groups | Roxy Durban | 35mm Photo Equipment | 13 | January 18th 05 08:59 PM |
Protest against Google Groups | Roxy Durban | 35mm Photo Equipment | 0 | January 17th 05 06:40 AM |
OT - Major changes for Google | Jonovan Powell | Digital Photography | 17 | August 4th 04 05:51 AM |