Net Hacker Tool du Jour: Google

Tuesday, 4 March 2003, 12:27 PM EST

Why bother pounding at a website in search of obscure holes when you can simply waltz in through the front door?

Hackers have recently done just that, turning to Google to help simplify the task of honing in on their targets.

"Google, properly leveraged, has more intrusion potential than any hacking tool," said hacker Adrian Lamo, who recently sounded the alarm.

The hacks are made possible by Web-enabled databases. Because database-management tools use canned templates to present data on the Web, typing specific phrases into Internet search tools often leads a user directly to those templated pages. For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro database interface -- into Google recently yielded about 200 links, almost all of which lead to FileMaker databases accessible online.

In a few cases, the databases contained sensitive information. One held the addresses, phone numbers and detailed biographies of several hundred teachers affiliated with Apple Computer. It also included each teacher's user name and password. The database was not protected by any form of security.

Another search result pointed to a page served by the Drexel University College of Medicine, which linked to a database of 5,500 records of the medical college's neurosurgical patients. The patient record included addresses, telephone numbers and detailed write-ups of diseases and treatments. Once Google pointed the visitor to the page, the hacker merely needed to type in an identical user name and password (in short, the name of the database) in order to access the information.

[ Read more ]


Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 31st