Trilight Zone
Privacy & Anonymity is our speciality !
 

Google Yourself To Identify Security Holes

 
digital8

Posted: Sat Oct 01, 2005 7:57 am    Post subject: Google Yourself To Identify Security Holes

Google is very good at what it does. It automatically and systematically catalogues every document, image, web site or other data that is web accessible so that it can be quickly retrieved using the Google search engine. That includes potentially sensitive or confidential data that wasn't intended to be shared publicly. Google your own network or sites to identify possible security holes.
Try entering your name in a Google search. To narrow results to only those with your full name you should enclose your name in quotation marks. You might be surprised to find out how much information about you is available on the Web. You can do Google searches on a wide variety of information such as your phone number or your social security number and you might discover that there is more sensitive information about you available to the public than you would prefer.

For corporate networks, the efficiency of the Google robots at voraciously collecting any data available on the Web may compromise network security or reveal sensitive information or company trade secrets that should not be available to the public.

Some say Google shouldn't do that or ask that Google remove such information. But, you can't shoot the messenger. Google is just displaying what is available. If sensitive or confidential corporate information is available on the Web the proper thing to do is to find it and protect it within your network, not blame Google for finding it. In fact, there are tools available to help you find such information before an attacker can get a hold of it.

Two such tools are SiteDigger 2.0, a free tool from Foundstone, a division of McAfee, and the Wikto Web Assessment tool. Both utilities require that you install the Microsoft .NET framework and a Google API Key for full functionality. These tools will scan a designated Web site or domain and identify potential vulnerabilities, configuration issues, proprietary information, and other potential security concerns.

For complete details about the perils that Google may represent to your network or Web site, check out Johnny Long's book, Google Hacking for Penetration Testers, or his Web site at http://johnny.ihackstuff.com.

To download the tools mentioned above, you can use these links:

Foundstone SiteDigger 2.0 (http://www.foundstone.com/resources/proddesc/sitedigger.htm)
Wikto Web Assessment Tool (http://www.sensepost.com/research/wikto/)
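
As an added example (not part of the original post, and not code from SiteDigger or Wikto), one way to check from your own side what Google's crawler has already retrieved is to audit your web server access log for successful Googlebot fetches of sensitive-looking paths. The log lines are constructed, and the "sensitive" patterns are an assumed local policy that you would adapt to your own site.

```python
import re

# Apache/Nginx "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed policy: file types and directories that should never be public.
SENSITIVE_RE = re.compile(
    r'\.(sql|bak|old|xls|doc|mdb|log|conf|ini|pem|key)$|/(backup|admin|private|hr)/',
    re.IGNORECASE,
)

def crawled_exposures(log_text):
    """Return sorted (path, hits) for sensitive-looking paths that a client
    identifying as Googlebot fetched with HTTP 200."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # The User-Agent can be forged, but a 200 on these paths means the
        # file is publicly retrievable no matter who actually asked for it.
        if not m or "googlebot" not in m["ua"].lower():
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["status"] == "200" and SENSITIVE_RE.search(path):
            hits[path] = hits.get(path, 0) + 1
    return sorted(hits.items())

# Constructed sample data (not real traffic).
GBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def _line(ip, path, status, ua):
    return (f'{ip} - - [01/Oct/2005:07:57:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "{ua}"')

SAMPLE_LOG = "\n".join([
    _line("66.249.66.1", "/index.html", 200, GBOT),        # public page: fine
    _line("66.249.66.1", "/backup/site.sql", 200, GBOT),   # exposed dump
    _line("66.249.66.1", "/hr/salaries.xls", 200, GBOT),   # exposed spreadsheet
    _line("66.249.66.1", "/admin/config.bak", 403, GBOT),  # blocked: not indexed
    _line("192.0.2.10", "/backup/site.sql", 200, "Mozilla/5.0 (Windows NT 5.1)"),
])

if __name__ == "__main__":
    for path, count in crawled_exposures(SAMPLE_LOG):
        print(f"{count:3d}  {path}")
```

Every path this reports was served to a crawler and should be removed from the web root or placed behind access control.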