belliott
Joined: 29 Aug 2004
Posts: 25
Posted: Thu May 12, 2005 11:44 am Post subject: Google Hacking and Confidential Files Protection
Article title: Google Hacking and Confidential Files Protection
AKS-Labs wrote: Using powerful search engines, such as Google, anyone can look for all types of information residing on an immense number of servers connected to the web all over the globe. However, organizations usually disclose too much information on their web servers without ever knowing. Search engines’ powerful features allow hackers to find some sensitive information stored in the far corners of web-connected servers and perform a vulnerability-searching attack.
John Leyden in his article “Hacking Google for fun and profit” wrote: “Insecure websites are not the only venues at risk from Google-hacking. Network hardware can be hacked, cached printing pages can be perused and security cameras snooped on thanks to evolutions in attack techniques that are dumbing down network attacks”. Although there are plenty of ways to abuse network vulnerabilities and mount attacks that allow access to the back end of ecommerce websites, Google offers a simple and stylish technique almost everyone can employ: “this dumbing down of cracking opens the way to numerous attacks.”
The Google hacking technique “can be turned on its head by security pros to find and fix potential security holes”. Google scanning is a front end for an external server assessment and contributes to the information-gathering phase of a vulnerability assessment. This operation may be necessary to find out what information from the web site has already been revealed by using a search engine.
The most practical way to keep search engines from reaching specific information on a web site is to set up a gatekeeper in the form of an instruction page for the search engine’s crawler. Most search engines look for a file called 'robots.txt', which specifies the areas of a web site that can be indexed. The “robots.txt” file should be properly configured and updated on a regular basis, to prevent sensitive information exposure.
Google hacking is a serious problem for most organizations as it provides techniques for different types of information exposure. Collecting data on the web server software version, firewall log files and the location of password-protected files makes it easier to gain unauthorized access to a remote web server. Besides, in many cases users inadvertently leave sensitive or confidential files in folders that are web-accessible, so that information quickly becomes available to the public through the search engines. To protect yourself against Google hacking, you need to be constantly aware of which information resources on your web server are open to the search engines.
Read article: Google Hacking and Confidential Files Protection
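An added example, not part of the post or the AKS-Labs article: one way to check which sensitive-looking files under your own web root a crawler may fetch according to your robots.txt. The extension list, the sample tree and the function names are assumptions made for illustration.

```python
import os
import tempfile
from urllib.robotparser import RobotFileParser

# Assumed set of extensions that often hold confidential data; tune per site.
SENSITIVE_EXT = {".log", ".bak", ".sql", ".xls", ".doc", ".pdf", ".mdb", ".conf", ".old"}


def crawlable_sensitive_files(docroot, robots_lines, agent="Googlebot"):
    """Return sorted URL paths under docroot that look sensitive and that
    the given robots.txt rules still allow `agent` to fetch."""
    rules = RobotFileParser()
    rules.parse(robots_lines)
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SENSITIVE_EXT:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            url_path = "/" + rel.replace(os.sep, "/")
            if rules.can_fetch(agent, url_path):
                exposed.append(url_path)
    return sorted(exposed)


def build_sample_docroot():
    """Create a constructed sample web root (empty files) in a temp directory."""
    root = tempfile.mkdtemp()
    for rel in ("index.html", "reports/q1.xls", "logs/firewall.log", "backup/site.sql"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


# Constructed robots.txt content for the sample tree.
SAMPLE_ROBOTS = ["User-agent: *", "Disallow: /logs/", "Disallow: /backup/"]

if __name__ == "__main__":
    for path in crawlable_sensitive_files(build_sample_docroot(), SAMPLE_ROBOTS):
        print("sensitive-looking and crawlable:", path)
```

robots.txt is advisory and publicly readable, so files this audit flags, and files it hides only behind a Disallow line, are better moved out of the web root or placed behind authentication.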