GCN Home > 02/25/08 web stories
Google-hacking made easy
By William Jackson
With a name like Cult of the Dead Cow you know these guys are probably up to no good, and they are living up to expectations with the release of Goolag Scan, a tool to automate the use of search engines to scan for vulnerable applications, back doors and sensitive information on Web sites.

This is a technique called Google-hacking, named for the Web's predominant search engine, and it isn't new. What's new is the improved tool that makes it easier to do the searches.

"I don't think they have anything new in terms of new capabilities," said Amichai Shulman, chief technology officer of Imperva Inc. of Foster City, Calif., and head of the company's Application Defense Center. "They do have a tool that makes Google hacking more accessible to script kiddies."

Goolag Scan runs on Windows and has a good graphical interface, along with a library of about 1,500 carefully crafted searches that can reveal sensitive information about or from queried Web sites. The tool is neutral; it can be used for penetration-testing by administrators and application owners to identify weaknesses or by hackers to find vulnerabilities to exploit.

"Tools like this scanner are a wake-up call for application owners," Shulman said. And that is a good thing. The issue of data leakage into search engines is a big issue.

The Cult of the Dead Cow has said much of its research in this area has been against government servers, where it has been able to turn up sensitive information that has been unwittingly exposed.

"With a lot of script kiddies having this tool, I think the government can expect a rough period of headlines," Shulman said.

The practice of using search engines to find sensitive information has been around for years. Johnny Long, a security researcher and penetration tester for Computer Sciences Corp. in El Segundo, Calif., wrote the book on the subject, Google Hacking for Penetration Testers, in 2005. Government became acutely aware of the practice in the wake of the terrorist attacks in 2001, Long said. It is one of the reasons agencies began scrubbing Web sites of sensitive data following the attacks.
