en proves
5 d'abril del 2005
Els llocs web insegurs no són els únics objectius dels hackers. Maquinari de xarxa, càmeres de seguretat, impressores, i d’altres, són també objectius a l’abast de qualsevol. L’anomenat “Google-hacking”, basat en crear combinacions de cadenes de recerca amb l’objectiu de descobrir llocs confidencials, no és una tècnica particularment nova, però està evolucionant cap a un problema més gran.
  • Actualment 3 sobre 5
  • 1
  • 2
  • 3
  • 4
  • 5
There are numerous ways to exploit vulnerabilities and mount attacks that allow access to the back end of ecommerce websites. "Google can do the same thing but puts it in hands of amateurs," (..)

(..) routers with default passwords could be located and turned off. The same approach allows the cache of insecure printers to be browsed, enabling hackers to view or download potentially sensitive documents. Insecure UPS systems, time lapse security cameras and even PBX telephony systems can also be nobbled. (..)


Google can be also used to conduct reconnaissance on vulnerable systems without sending packets to a target. Attackers can map domains or get a list of vulnerable servers using the search engine. (..)

The technique can be turned on its head by security pros to find and fix potential security holes, (..) Google hacking for penetration testers (..) Sensepost has developed a number of applications to automate this process.

Google-hacking has been picked up as a technique by virus writers. Recent worms have taken advantage of Google to automate the search for vulnerable machines. In response, Google has started blocking "evil queries" (..)

(..) Even when Google fixes this, further query manipulation will still be possible. "Never assume Google will protect you," (..)
Digues la teva *
Informació Relacionada
Per temes
Des del punt de vista de la tecnologia