Google opens door to hackers
Hackers no longer even need to visit a website to attack it, instead they are using information from pages cached by popular search engine Google according to a report in the New Scientist.
One way hackers can break into a website is by hunting for private pages containing the passwords or usernames required to access secure parts of the site. These pages are normally hidden from the casual browser, but sometimes faulty software or failure to properly delete such pages make this data available, creating a serious security loophole, according to the report.
Hackers normally have to trawl the web searching for such vulnerabilities, but professional hacker Johnny Long told the New Scientist that search engines, such as Google, have made the task much easier.
Search engines work by following all the links on a page and caching the information they find to create a searchable database of web pages. So if a page contains a link to a private page the search engine will follow it and store the cached page. This means that hackers can search for common words found on pages containing sensitive information, such as 'cash history', 'temporary' and 'password'.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.