Thursday, February 28, 2008

Hackers use Google to show vulnerabilities

I just read the article "Google-Powered Hacking Makes Search A Threat" on and it left me a little worried about my sites, but probably not as much as some companies are about their sites. Apparently hackers have created and released a Windows application that can find holes in any web site.

From the article (text is from link above):
Wednesday saw the debut of the latest such tool, which derives its power from Google (NSDQ: GOOG)'s vast index. That's when the Cult of the Dead Cow, the self-proclaimed "world's most attractive hacker group," released a Web auditing tool called Goolag Scanner.

"It's no big secret that the Web is the platform," said cDc official Oxblood Ruffin, in a statement. "And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for Web site owners to patch up their online properties. We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large Web site, I'd be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious."

To prove that point, Ruffin provided InformationWeek with a list of 11 high-profile U.S. government agency and lab Web sites that had been scanned and found to have what appear to be significant security holes, including satellite access codes, credentials for VPNs and routers, and open proxies. He asked that the information not be published, as the group's intent is not to embarrass government officials or encourage attempts to hack government systems.

Goolag Scanner presently exists only as a Windows application, though it is being ported to other platforms. It allows the user to quickly scan Google's index for files on Web sites that may reveal security vulnerabilities. For example, Goolag Scanner allows you to search Web sites for a file called "unattend.txt," which is used to drive unattended Microsoft Windows installations. The file may include information useful to hackers, such as administrator passwords.

Goolag Scanner doesn't do anything a hacker or penetration tester couldn't do by typing text into Google and using certain operator commands to constrain the search to a specific domain or file type. But it makes searching for holes much easier.

I am probably not going to download and use this tool because I'm cautious about using anything that a hacker has created and released. But maybe sometime I will, if others say that they have and that it didn't do anything bad to their computers.
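Since the article says the scanner only automates search-operator queries (site: to pin a domain, filetype: or inurl: to pin a file), the same check can be done without downloading anything: look through your own document root for the files those queries target, then paste the equivalent queries into Google to see whether any are already indexed. The script below is an added example written for this post; it is not code from the post, the InformationWeek article, or the Goolag Scanner, and its pattern list is illustrative rather than the scanner's signature set. It assumes Python 3, builds a constructed sample webroot in a temp directory (made-up files, made-up password), and uses example.com as a placeholder domain.

```python
"""Audit a local web document root for the kinds of files that Google-hacking
queries (site:/filetype:/inurl: operators) are used to find, and print the
equivalent manual queries for your own domain.

Added example for this post; not the Goolag Scanner's code or signature list.
"""
import os
import re
import tempfile

# (regex on the path relative to the webroot, Google operator form, why it matters)
# Illustrative patterns only; a real audit list would be much longer.
DORK_PATTERNS = [
    (re.compile(r"(^|/)unattend\.txt$", re.I), "inurl:unattend.txt",
     "Windows unattended-install answer file; may contain AdminPassword"),
    (re.compile(r"\.(bak|old|orig)$", re.I),
     "filetype:bak OR filetype:old OR filetype:orig",
     "backup copy of a served file; source and credentials served as plain text"),
    (re.compile(r"\.sql$", re.I), "filetype:sql", "database dump"),
    (re.compile(r"(^|/)\.htpasswd$", re.I), "inurl:.htpasswd",
     "Apache basic-auth password hashes"),
]

# Lines inside a matched file that look like a credential assignment,
# e.g. "AdminPassword=..." in unattend.txt or "$db_pass = '...'" in PHP.
SECRET_RE = re.compile(r"\b(\w*pass(word|wd)?|secret|api_?key)\s*=\s*\S+", re.I)


def build_queries(domain):
    """The manual Google queries a tester would type for one domain
    (this is what the scanner automates)."""
    return ["site:%s %s" % (domain, operator) for _, operator, _ in DORK_PATTERNS]


def scan_webroot(root):
    """Walk a local document root and report files matching a dork pattern.
    Checking locally is cheaper and safer than waiting for Google to index them."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            for pattern, operator, reason in DORK_PATTERNS:
                if not pattern.search(rel):
                    continue
                try:
                    with open(full, "r", errors="replace") as fh:
                        text = fh.read(65536)  # enough to spot a credential line
                except OSError:
                    text = ""
                findings.append({
                    "path": rel,
                    "query": operator,
                    "reason": reason,
                    "secret_hit": bool(SECRET_RE.search(text)),
                })
                break  # one report per file
    return sorted(findings, key=lambda f: f["path"])


def make_sample_webroot():
    """Constructed sample webroot in a temp dir: one clean page, one backup
    file with a database password, and an unattend.txt with a made-up
    administrator password (the [GuiUnattended] AdminPassword key)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "setup"))
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html><body>hello</body></html>\n")
    with open(os.path.join(root, "config.php.bak"), "w") as fh:
        fh.write("<?php $db_user = 'web'; $db_pass = 'hunter2'; ?>\n")
    with open(os.path.join(root, "setup", "unattend.txt"), "w") as fh:
        fh.write("[Unattended]\nUnattendMode=FullUnattended\n"
                 "[GuiUnattended]\nAdminPassword=Winter2008!\n")
    return root


if __name__ == "__main__":
    root = make_sample_webroot()
    for f in scan_webroot(root):
        flag = "CREDENTIAL-LIKE LINE" if f["secret_hit"] else "check contents"
        print("%-22s %-45s %s" % (f["path"], f["query"], flag))
    print("\nQueries to run against Google for the live site:")
    for q in build_queries("example.com"):
        print("  " + q)
```

Point the scan at your real document root instead of the sample, and run the printed queries against Google for your own domain. If a query already returns a hit, deleting the file is not the end of it: the copy in Google's cache stays visible until the page is recrawled, so treat any credential in such a file as exposed and rotate it.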
