Google opens door to hackers

Thursday, 31 July 2003, 6:41 PM EST

Hackers no longer even need to visit a website to attack it, instead they are using information from pages cached by popular search engine Google according to a report in the New Scientist.

One way hackers can break into a website is by hunting for private pages containing the passwords or usernames required to access secure parts of the site. These pages are normally hidden from the casual browser, but sometimes faulty software or failure to properly delete such pages make this data available, creating a serious security loophole, according to the report.

Hackers normally have to trawl the web searching for such vulnerabilities, but professional hacker Johnny Long told the New Scientist that search engines, such as Google, have made the task much easier.

Search engines work by following all the links on a page and caching the information they find to create a searchable database of web pages. So if a page contains a link to a private page the search engine will follow it and store the cached page. This means that hackers can search for common words found on pages containing sensitive information, such as 'cash history', 'temporary' and 'password'.

[ Read more ]


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Dec 1st