|
Bookmark this Search Engine Industry News And Resource. |
August 15, 2004
Google used to exploit security vulnerabilities
Google is a popular search engine, and is one of the handiest tools for many hackers, said a security expert on Thursday. Google's ability to record Internet sites' content can be used to pinpoint those with weak security, Johnny Long, a security researcher and computer scientist for Computer Security Corp. told attendees at the Black Hat Security Briefings here.
Though the technique is not new, well-crafted searches turned up so many sites with vulnerabilities that even jaded researchers laughed during the session.
"It is an old dog with new tricks," Long said. "It never ceases to amaze people, all the vulnerabilities out there."
By searching for default server page titles, for example, an attacker can find easily exploitable servers. Applications left in default modes can also be found by searching for error pages generated by the software. And searching for specific file names can pinpoint vulnerable servers connected to the Internet.
"It is the first step to finding vulnerable targets," Long said. A simple search for the log-in page of Microsoft's Web server software, the Internet Information Server, turned up 11,300 sites on the Internet that exposed the page to the public. Gathering log-in information for poorly configured databases is also easy, he said.
The exploitation of Google's in-depth searching capabilities underscores how software with no malicious motive can be used to help online intruders.
The recent MyDoom.o virus hammered Google and other search engines with searches from infected PCs for additional e-mail addresses to which the program could send itself. Security researchers have also theorized that Google and other search engines could be used as a carrier of malicious code.
"I only use Google to find vulnerable servers," said Tim Mullin, security specialist for accounting-software maker Anchor IS. Mullin said other search engines don't have the advanced search option available on Google and don't cache old versions of Web sites. "Not only can I see what exists now, but I can see what the Web site looked like before."
A Google representative could not immediately comment, citing Securities and Exchange Commission regulations regarding the quiet period before a public offering.
For most, the depth of Google searches is just one more potential threat to worry about.
"It's not revolutionizing anything that people are doing now," Long said. "It is just adding another attack vector."
Source: C-Net News
Posted by nakul at August 15, 2004 01:36 PM | TrackBackYou may find it interesting to visit the sites dedicated to http://www.debt-consolidation-consultant.info/ http://www.debt-consolidation-consultant.info/ debt consolidation http://www.flowers-leading-site.info/ http://www.flowers-leading-site.info/ flowers http://www.flower-leading-site.info/ http://www.flower-leading-site.info/ flower http://www.credit-reports-4u.info/ http://www.credit-reports-4u.info/ credit reports http://www.credit-report-4u.info/ http://www.credit-report-4u.info/ credit report http://www.mortgage-calculators-ebanking.info/ http://www.mortgage-calculators-ebanking.info/ mortgage calculator http://www.mortgage-4-u.info/ http://www.mortgage-4-u.info/ mortgage http://www.private-mortgage-insurance-ebanking.info/ http://www.private-mortgage-insurance-ebanking.info/ private mortgage http://www.student-loans-ebanking.info/ http://www.student-loans-ebanking.info/ student loans http://www.personal-loan-ebanking.info/ http://www.personal-loan-ebanking.info/ personal loans http://www.loans-4-u.info/ http://www.loans-4-u.info/ loans http://www.health-insurancedeals-4u.info/ http://www.health-insurancedeals-4u.info/ health insurance http://www.auto-insurancedeals-4u.info/ http://www.auto-insurancedeals-4u.info/ auto insurance http://www.car-insurancedeals-4u.info/ http://www.car-insurancedeals-4u.info/ car insurance http://www.insurancedeals-4u.info/ http://www.insurancedeals-4u.info/ insurance http://www.insurance-quotesdeals-4u.info/ http://www.insurance-quotesdeals-4u.info/ insurance quotes http://www.credit-card-applications-4u.info/ http://www.credit-card-applications-4u.info/ credit cards http://www.hotelse-site.info/ http://www.hotelse-site.info/ hotels http://www.hotele-site.info/ http://www.hotele-site.info/ hotels.com http://www.las-vegas-hotels-e-site.info/ http://www.las-vegas-hotels-e-site.info/ las vegas hotels http://www.cheap-hotels-e-site.info/ http://www.cheap-hotels-e-site.info/ cheap hotels http://www.hotel-dealse-site.info/ http://www.hotel-dealse-site.info/ hotel http://www.travel-e-site.info/ http://www.travel-e-site.info/ travel http://www.top-e-site.info/ http://www.top-e-site.info/ travelocity http://www.air-travel-e-site.info/ http://www.air-travel-e-site.info/ air travel http://www.great-e-site.info/ http://www.great-e-site.info/ hilton http://www.car-rental-e-site.info/ http://www.car-rental-e-site.info/ car rental http://www.car-rentals-e-site.info/ http://www.car-rentals-e-site.info/ car rentals http://www.rental-car-e-site.info/ http://www.rental-car-e-site.info/ rental cars http://www.deal-e-site.info/ http://www.deal-e-site.info/ expedia http://www.dating-e-site.info/ http://www.dating-e-site.info/ dating http://www.online-dating-e-site.info/ http://www.online-dating-e-site.info/ online dating http://www.dating-services-e-site.info/ http://www.dating-services-e-site.info/ dating services http://www.dating-site-e-site.info/ http://www.dating-site-e-site.info/ adult dating http://www.adult-dvd-top-shop.info/ http://www.adult-dvd-top-shop.info/ adult dvd http://www.dvd-top-shop.info/ http://www.dvd-top-shop.info/ dvd http://www.digital-camera-esite.info/ http://www.digital-camera-esite.info/ digital camera http://www.digital-cameras-esite.info/ http://www.digital-cameras-esite.info/ digital cameras http://www.golf-e-course.info/ http://www.golf-e-course.info/ golf http://www.golf-clubs-e-course.info/ http://www.golf-clubs-e-course.info/ golf club ... Thanks!!!
Posted by: flowers at December 6, 2004 07:53 AM