|
Use Google Hacks Once A Month To Seal Content Leaks
By Dan Morrill
Expert Author
Article Date: 2008-12-15
As I play around with a number of newer Google Hacks, the more I realize people have to find out what is in Google about their company and their systems.
Google hacking is very old now, over five years old since the idea started cropping up around the internet, yet many of the traditional and some of the newer Google hacks still work. Some of these could lead to a devastating loss of information or complete loss of control of your computer systems. This might look like script kiddy kind of work, and not as sexy as watching the IDS system, or writing that report your boss wanted last week, the fact is people Google hack just for fun, just to see what is out there. Google hacking is a springboard in the discovery of ways to break things, and get information that would be normally locked off from causal passerby traffic.
Google fundamentally altered all this, leaving more and more companies scrambling to stop leaks that the Google search engine was able to find in corporate and private infrastructures. The sad fact is that many of these hacks are still very viable, and are not just for Google anymore. The addition of Boolean strings and data search refinement right in the search box for MSN and Yahoo meant that what Google missed, MSN/Live and Yahoo picked up. In some cases, MSN/Live and Yahoo will show more systems than Google will.
As part of any good information security program, you should have two or three people who spend a couple hours a day looking at what is in the major search engines that might lead to a compromise of your computer systems. You can also run a program like Nutch to spider your own systems and see what crops up as the spider tracks through links on your site and provides you a searchable index of what it finds.
There really is no excuse for a Google hack to work anymore in government, education, or business, but they still do. With the holidays coming up, kids are going to be out there searching around looking for things to do while they wait for school to start back up. Google hacking is going to be one way that kids pass the time. Real hackers though also use Google hacking as a way to probe the security readiness of a company, if there are many Google hacks that work, you can bet that the rest of their internal security is going to be poor. This creates a great way to calculate risk of being caught against the reward of spending time hacking into a company. Poor security as shown by simple script kiddy level Google hacks will lead to an escalation as people figure out that there are cooler things they can do.
For 2009, make a new year's resolution for your company, to Google hack yourself once a month, for three or four hours to make sure that nothing shows up that should not be there.
Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
|
