Net Hacker Tool du Jour: Google

Tuesday, 4 March 2003, 12:27 PM EST

Why bother pounding at a website in search of obscure holes when you can simply waltz in through the front door?

Hackers have recently done just that, turning to Google to help simplify the task of honing in on their targets.

"Google, properly leveraged, has more intrusion potential than any hacking tool," said hacker Adrian Lamo, who recently sounded the alarm.

The hacks are made possible by Web-enabled databases. Because database-management tools use canned templates to present data on the Web, typing specific phrases into Internet search tools often leads a user directly to those templated pages. For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro database interface -- into Google recently yielded about 200 links, almost all of which lead to FileMaker databases accessible online.

In a few cases, the databases contained sensitive information. One held the addresses, phone numbers and detailed biographies of several hundred teachers affiliated with Apple Computer. It also included each teacher's user name and password. The database was not protected by any form of security.

Another search result pointed to a page served by the Drexel University College of Medicine, which linked to a database of 5,500 records of the medical college's neurosurgical patients. The patient record included addresses, telephone numbers and detailed write-ups of diseases and treatments. Once Google pointed the visitor to the page, the hacker merely needed to type in an identical user name and password (in short, the name of the database) in order to access the information.

[ Read more ]


How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Sep 19th