Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Google makes hacking easier

Google makes hacking easier

by Nikola Strahija on June 26th, 2005 Google hacking is making it easier for wannabe hackers to find vulnerable Internet sites.


According to Barry Cribb, MD of IS Digital Networks, a potential hacker can identify weaknesses in Web sites simply by building the correct queries in the advanced search criteria.

-Obviously these criteria have been designed to help the average Net user refine their searches, but as they say in the classics, what can be used for good can also be used for evil, he says. -The real problem here is that the traffic is initially directed to the Google search engine cache, passing firewall or IDS detection mechanisms, so the victim is unaware a hacker has even discovered the vulnerability until it is too late.

He says that by using specific commands combined with wild card characters, it is possible to build queries capable of searching for specific vulnerabilities of Internet-facing devices, thus providing hackers with more targets faster than ever before.

-This is emerging more and more in the public domain, because as more people become aware of this, they are curious, so someone who is simply trying it to see how it works, rather than a dedicated hacker may even do it, says Cribb.

Cribb says that by entering a certain string into the Google search window a person will get a list of about 38 000 sites with admin login pages. He claims that standard login pages and welcome messages, as well as the standard error messages are examples of weaknesses that may be exploited by hackers.

-The best way of protecting yourself from the possibility of Google hacking is to change your default welcome message; change default error messages; remove the site or at least parts of it from the Google list, using the robots.txt file; and remove sensitive information from the Web site.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »