Magazine article Security Management

Google Eyes

Article excerpt

The search engine Google has achieved such ubiquity that it's already become a verb. Who hasn't googled an old friend, high-school flame, or job applicant? But its success has a dark side: It has become a chief source of information for hackers and virus writers who have learned how to use the search engine to dig up information that Web sites did not intend to make public.

The root of the problem is the way Google works. It sends a "WebBot" through sites; the bot follows links and indexes them. The search engine is extremely efficient, "including mapping out some pages that you would not expect to have access to," says Brian Serra, senior security consultant with Forsythe Solutions Group, an infrastructure technology provider. For example, files containing lists of passwords might be revealed, thus providing easy pickings for attackers.

Johnny Long, a security expert and ethical hacker with Computer Sciences Corporation, recently released The Google Hacker's Guide: Understanding and Defending Against the Google Hacker to instruct the security community in the ways that Google is being used as a hacking tool. The paper, written in language that can be understood by anyone who's ever used the search engine, explains the site's "advanced operators" that refine searches and provide information to potential attackers.

For example, the "site" operator--such as "site:securitymanagement.com"--will reveal every page on a Web site, including error messages that could reveal critical information about network hardware and software. Long, who calls searches for improperly exposed information "googledorks," says that his intent is to get people to try them on their own sites. "If you have a Web site, the best thing you can do is sit down with Google and get an idea of what Google knows about your site," he says.

A paper by security company Imperva titled Web Application Worms: Myth or Reality? …
