Net Hacker Tool du Jour: Google

Tuesday, 4 March 2003, 12:27 PM EST

Why bother pounding at a website in search of obscure holes when you can simply waltz in through the front door?

Hackers have recently done just that, turning to Google to help simplify the task of honing in on their targets.

"Google, properly leveraged, has more intrusion potential than any hacking tool," said hacker Adrian Lamo, who recently sounded the alarm.

The hacks are made possible by Web-enabled databases. Because database-management tools use canned templates to present data on the Web, typing specific phrases into Internet search tools often leads a user directly to those templated pages. For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro database interface -- into Google recently yielded about 200 links, almost all of which lead to FileMaker databases accessible online.

In a few cases, the databases contained sensitive information. One held the addresses, phone numbers and detailed biographies of several hundred teachers affiliated with Apple Computer. It also included each teacher's user name and password. The database was not protected by any form of security.

Another search result pointed to a page served by the Drexel University College of Medicine, which linked to a database of 5,500 records of the medical college's neurosurgical patients. The patient record included addresses, telephone numbers and detailed write-ups of diseases and treatments. Once Google pointed the visitor to the page, the hacker merely needed to type in an identical user name and password (in short, the name of the database) in order to access the information.

[ Read more ]




Spotlight

51% of consumers share passwords

Posted on 20 August 2014.  |  The research revealed that consumers are not only sharing passwords but also potentially putting their personal and sensitive information at risk by leaving themselves logged in to applications on their mobile devices, with over half of those using social media applications and email admitting that they leave themselves logged in on their mobile device.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //