Hackers turn to Google to find weakest links

[MemorY]

Computer hackers have adopted a startling strategy in their attempts to break into websites. By using the popular search engine Google, they do not have to visit a site to plan an attack. Instead, they can get all the information they need from Google's cached versions of web pages, say experts in the US.

http://www.newscientist.com/news/news.jsp?id=ns99994002

[DeadAddict]

Hehe this is no surprise since google is the best search engine to use to find anything on the web. I bet they are working really fast to fix those loopholes

[Galdron]

Alas many times the information directly relevant to the search is found in Cache. This is the only way searches can reveal information specific to the search itself. Damn that's alomst a toung twister. Another Ramble by Galdron.

Catch 22 if you ask me. The good outways the evil in this case.



P:

Good info MEM.

[Kimeramon_2001]

Well hole or no hole I like google

[hypronix]

A tutorial I read on how to use Google to find such 'holes' gave clear note that it is not a flaw within Google itself that these pages/documents can be found, rather a mistake in those configuring the webserver. Even in the link MemorY posted it is mentioned 'faulty software implementation' at some point, in regards to this. If such a link is publicly available, it means someone, somewhere, didn't do his/her job quite as he/she should have.

For those having a webserver or testing ones security, the tutorial I mentioned can be found at

http://neworder.box.sk/newsread.php?newsid=8203

I am aware the Box.sk network is viewed by many as a hacker's resource, but I hope I need not explain again one cannot be good at protecting a site [website or other internet-connected machine] if one is not up2date with what the possibilities are for someone to 'own' you. This tutorial explains the search features Google has to offer and a theoretical approach at getting that info through the engine. Hope it helps you to protect whatever you have to protect, and readers will be mature enough not to use it as anything else but an informational resource.

cheers!

[Faqt]

Hi all-
I wish I could find it...I learned about the availability of information from cached pages here in a google tutorial.
I remember the post saying to hurry up and use it before it was no longer available.

[draziw]

Hmmm, no offense, but were hypronix and memorY the only ones to really read that article? It doesn't mean that you should like Google any less, or it's "something you should use while it's still available" or anything like that..

The basic point was that this really isn't a hole in google, but a means that people are using google to find holes in webservers or web apps... and because of google's cache (not to mention many others out there), it enables hackers to find information that's no longer accessible on the site (perhaps being long-since patched, removed, etc) but perhaps still pertinent to the security of the site... hell, it even enables people to easily find things buried within the comments on a page but perhaps not clearly displayed in the browser -- search engines can be a very powerful tool (somewhat evident by the large number of "just use google" posts along with the many tutorials on the very same subject). And, of course, with anything so useful, they're often employed for both good and bad purposes...

So, this really isn't "something for Google to fix" (as there are many legitimate reasons for people to post things that might look very similar to "useful information" (as we used to call it) but not really have it fall under this sort of category). It's just one thing that any decent "hacker" does while enumerating a site, anyway, if you ask me...

Just my $0.02...

[tampabay420]

stupi h4x0r(s) ,

-because of stuff like this... Google will now be less effective...

[draziw]

Personally, I always like google's hacker page:

http://www.google.com/intl/xx-hacker/

[cj7jeeper]

I agree that google is the best search engine but, who's responsibility is it to keep the sight secure, If not google?