Bugwatch: Don't fall victim to a Googlehack

Confidential data can all too easily leak through to search engines

Jason Hart, head of security, WhiteHat UK, vnunet.com 05 Aug 2004

Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.

This week Jason Hart, head of security for WhiteHat UK, advises on the dangers posed by search engines' caching of confidential web pages, and the simple measures companies can take to protect themselves.

Internet search engines are deviously clever things. Everyone grew obsessed with them when the web became truly mass market, and today they remain the principal way of navigating through the billions of online places connecting you to the rest of humanity.

The über-search engine has emerged as Google, so much so that it has become ingrained in popular culture. Fans of author and comedian Dave Gorman will be familiar with the Google-inspired craze of 'Googlewhacking', a bizarrely engaging pastime where you enter two-word combinations into the search bar in a bid to locate a single web search result, e.g. 'verisimilitude orangeries'.

Very recently I've become aware of another craze, this time among the hacking fraternity: the Googlehack.

System administrators often lack the time, interest or ability to remove confidential information from the document root of their web servers, or even to know whether confidential information is held there at all.

This oversight means that the average user has the ability to hack into databases and web servers, and to access private information - all thanks to internet search engines.

All search engines are based on similar technology. They use spider programs that take a snapshot of each page they examine as they crawl the web, caching these copies as a backup in case the original page is unavailable.

The all-encompassing sweep of the crawl means that search engines also cache content that should really be private, and once it is cached it is effectively public information.

Type in the right search command and hey presto, you're on your way to a security breach.

Being a responsible citizen, I'm not about to disclose what any of those search commands might be. However, I can assure any doubters that search engines can be used to sneak past existing infosecurity systems, act as a transparent proxy server and locate information that should only be available to the owner.

They can even find exploitable targets on the web which run certain operating systems and web server software, and harbour specific vulnerabilities and sensitive data in public directories and files.

A well-equipped hacker will use any means possible to try to map out an intended victim's data infrastructure. His first act will be to research any internet-facing resources that the company in question operates.

But he'll save himself a lot of time and bother if he just powers up a search engine and hides behind its perpetual searching and caching resources.

Searching for a company's site will return a list of pages referring to all its related internet-facing resources. There might be many thousands of these, but a determined scan of the results could easily uncover host names, IP addresses, employee names, phone numbers, passwords and email addresses.

In some cases, where e-commerce applications are in evidence, this even extends to user account information.

To save time and to drill deeper, the hacker will punch in more commands in order to focus on HTML-style directory listings. These appear when a directory under a web server's document root lacks an 'index' file, so the server generates a listing of the directory's contents instead. Search engines cache indiscriminately, so it's not uncommon to find live hyperlinks between public-facing web pages and privately stored files.

Unfortunately, administrators often neglect such directories and do not know about the extra security needed when private files are hyperlinked from public web pages.

This kind of background research can help the hacker identify any default system configurations. If default configurations are being employed, then there's a 90 per cent chance that publicly known default passwords can be used to unlock them.

Search engines are trusted visitors to all websites, and administrators turn a blind eye to the crawling and caching.

My advice is to learn about the simple measures you can take to patch up this vulnerability, and pursue policies that close all the gaps in your IT infrastructure.
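As an added illustration of one of those simple measures (example code, not from the article or from WhiteHat): the audit below walks a web server's document root and reports directories that have no index file, and so would be served as a browsable listing that a search engine could cache, together with files whose names suggest they were never meant to be public. The document root layout is constructed inline for the demonstration; the index file names and "sensitive" suffixes are assumptions to adjust for your own server.

```python
import os
import tempfile

# Assumed index file names: a directory holding none of these is served as a
# listing by a web server with directory indexing enabled.
INDEX_FILES = ("index.html", "index.htm", "index.php")
# Assumed suffixes that usually mark backups, dumps or configuration files.
SENSITIVE_SUFFIXES = (".bak", ".old", ".sql", ".conf", ".ini", ".log", ".zip")


def audit_docroot(docroot):
    """Return (listable_dirs, sensitive_files) as paths relative to docroot."""
    listable, sensitive = [], []
    for dirpath, dirnames, filenames in os.walk(docroot):
        dirnames.sort()   # deterministic traversal order
        filenames.sort()
        rel = os.path.relpath(dirpath, docroot)
        rel = "" if rel == "." else rel
        if not set(filenames).intersection(INDEX_FILES):
            listable.append(rel or "/")
        for name in filenames:
            # dot-files (e.g. .htpasswd) and backup-style names are flagged
            if name.startswith(".") or name.lower().endswith(SENSITIVE_SUFFIXES):
                sensitive.append(os.path.join(rel, name))
    return listable, sensitive


def build_sample_docroot():
    """Constructed sample tree mirroring the article's scenario (not real data)."""
    root = tempfile.mkdtemp(prefix="docroot_")
    layout = {
        "index.html": "<html>public</html>",
        "about/index.html": "<html>about</html>",
        "backup/customers.sql": "-- constructed sample, not real data",
        "backup/site.zip": "",
        "docs/readme.txt": "public docs",
        ".htpasswd": "admin:x",
    }
    for relpath, content in layout.items():
        full = os.path.join(root, relpath)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    dirs, files = audit_docroot(root)
    print("Directories that would be served as listings:", dirs)
    print("Files that look private:", files)
```

Directories the audit flags should either get an index file or have listings disabled server-wide (for example, Apache's `Options -Indexes`), and flagged files belong outside the document root altogether.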
