Net Hacker Tool du Jour: Google

Tuesday, 4 March 2003, 12:27 PM EST

Why bother pounding at a website in search of obscure holes when you can simply waltz in through the front door?

Hackers have recently done just that, turning to Google to help simplify the task of honing in on their targets.

"Google, properly leveraged, has more intrusion potential than any hacking tool," said hacker Adrian Lamo, who recently sounded the alarm.

The hacks are made possible by Web-enabled databases. Because database-management tools use canned templates to present data on the Web, typing specific phrases into Internet search tools often leads a user directly to those templated pages. For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro database interface -- into Google recently yielded about 200 links, almost all of which lead to FileMaker databases accessible online.

In a few cases, the databases contained sensitive information. One held the addresses, phone numbers and detailed biographies of several hundred teachers affiliated with Apple Computer. It also included each teacher's user name and password. The database was not protected by any form of security.

Another search result pointed to a page served by the Drexel University College of Medicine, which linked to a database of 5,500 records of the medical college's neurosurgical patients. The patient record included addresses, telephone numbers and detailed write-ups of diseases and treatments. Once Google pointed the visitor to the page, the hacker merely needed to type in an identical user name and password (in short, the name of the database) in order to access the information.

[ Read more ]




Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //