Hackers Find “Google Hack” Gainful
Many websites have inherent loopholes in their designs that leave them exposed to exploitation. Unfortunately, these loopholes are not immediately obvious, and writing fixes for them is not simple either.
'Google hacking' is a common practice for exploiting a widespread vulnerability. The term 'Google hacking' refers to a hacker's efforts to discover exploitable targets and sensitive data using the search engine.
The Google search engine has a database called the "Google Hacking Database" (GHDB), which is a collection of queries that detect sensitive data. Although Google blocks some of the popular Google hacking queries, it cannot stop a hacker from penetrating a site and launching the GHDB queries directly against the site's content.
Most often, intruders are able to enter sites and extract data without leaving any trace because the information is already listed and saved on the servers of different 'Internet search sites'. These hacks require minimal tools and almost no skill: a Web-connected PC and some keywords like "filetype:sqlpassword" or "index.of.password" are enough to perform them.
Search sites keep most of the data of site owners in their index. Site owners may not know that confidential information is so easily and readily available as part of the search index, where hackers can use it for nefarious purposes.
According to Michael Howard, a senior security program manager at Microsoft in Redmond, Washington, site owners handling sensitive data must think about these vulnerabilities. Once a user is hooked onto the Web, the most secret things become open and it is easy to take all the information from him. Although exposure of websites in this manner is not the only way, it is one of the easiest and fastest methods to gain illegitimate access.
A Google spokesman, Barry Schnitt, says that search engines are the best reflection of Web incidents. They are, thus, continuing with efforts to prevent and stop exploits and educate Webmasters to apply best practices and effectively secure their websites.
The best way to check websites and applications for 'Google hacking vulnerabilities' is to employ a "Web Vulnerability Scanner". The function of a "Web Vulnerability Scanner" is to scan the entire website and automatically check for pages that are spotted by 'Google hacking' queries.
» SPAMfighter News - 07-10-2006