Copyright ©2004 Foundstone, Inc. All Rights Reserved »Google Hacking Searching For Ways To Stop...
Google Hacking
Searching For Ways To Stop Hackers
George Kurtz
McAfee, Inc.
Senior Vice President
Risk Management
“Using public sources openly and without resorting to illegal means, it is possible to gather at least 80 percent of all information required about the enemy”
- Al Qaeda training manual
How Google Works
Advanced Search Operators
site (.edu, .gov, foundstone.com, usc.edu)
filetype (txt, xls, mdb, pdf, .log)
daterange (Julian date format)
intitle / allintitle
inurl / allinurl
Threats
intitle:"Index of" finances.xls
"Network Vulnerability Assessment Report"
filetype:pdf "Assessment Report" nessus
"not for distribution" confidential
site:edu grades admin
"ORA-00921: unexpected end of SQL command"
"VNC Desktop" inurl:5800
intitle:guestbook "advanced guestbook 2.2 powered"
intitle:"index of" trillian.ini
Threats - Categories
Private information
Usernames / passwords
Configuration management / Remote Admin Interface
Error messages
Backup files / log files
Public vulnerabilities
Tools - SiteDigger
Version 2 features:
Proxy support / Google appliance support
XML signatures in OASIS WAS format
Adding signatures for OWASP top 10
Signature contribution option
Raw search tab
Configurable # of results
Countermeasures
Keep sensitive data off the web!!
Perform periodic Google Assessments
Update robots.txt
Use meta-tags: NOARCHIVE
http://www.google.com/remove.html
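
The countermeasures above, as an added example that is not part of the original slides: a periodic self-assessment in Python over your own web content that flags the file types the slides search for, open directory listings ("Index of" titles), pages without a NOARCHIVE robots meta tag, and sensitive paths that robots.txt does not exclude. The `audit` function, the `PageMeta` helper, the sample site and the sample robots.txt are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# File types named on the slides (filetype: examples, finances.xls, trillian.ini).
RISKY_EXT = (".xls", ".mdb", ".log", ".ini")

class PageMeta(HTMLParser):
    """Collects the <title> text and the <meta name="robots"> content."""
    def __init__(self):
        super().__init__()
        self.title, self.robots, self._in_title = "", "", False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "robots":
            self.robots = (a.get("content") or "").lower()
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit(site, robots_txt):
    """site maps URL path -> response body; returns sorted (path, finding) pairs."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    findings = []
    for path, body in site.items():
        if path.lower().endswith(RISKY_EXT):
            findings.append((path, "sensitive file type in web root"))
            if rp.can_fetch("*", path):  # no Disallow rule covers this path
                findings.append((path, "not excluded by robots.txt"))
            continue
        meta = PageMeta()
        meta.feed(body)
        if meta.title.strip().lower().startswith("index of"):
            findings.append((path, "directory listing enabled"))
        if "noarchive" not in meta.robots:
            findings.append((path, "no NOARCHIVE meta tag"))
    return sorted(findings)

# Constructed sample site and robots.txt (assumptions, not from the slides).
ROBOTS = "User-agent: *\nDisallow: /backup/\n"
SITE = {
    "/index.html": '<title>Home</title><meta name="robots" content="noarchive">',
    "/files/": "<title>Index of /files</title>",
    "/files/finances.xls": "", "/backup/app.log": "",
}
```

robots.txt is advisory and publicly readable, so a Disallow entry only asks crawlers to stay away; the first countermeasure on the slide, removing the file from the web root, is what actually closes the exposure.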