• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Interesting... 'Hack' Google

Kr0m

Moderator
#1
Found this over at Reuters, written by Andy Sullivan, dated Feb. 11.

Hackers have found a handy tool to take control of bank accounts, tap into corporate computer networks and dig up sensitive government documents.

It's called Google.

The Internet's most popular search engine can find everything from goldfish-care tips to old classmates in the blink of an eye, but it's equally adept at finding caches of credit-card numbers and back doors into protected databases.

Google Inc. and other search providers create an inventory of the World Wide Web through an automated process that can uncover obscure Web pages not meant for the public.

"If you don't want the world to see it, keep it off the Web," said Johnny Long, a Computer Sciences researcher and author of "Google Hacking for Penetration Testers."

Unlike other intrusion techniques, Google hacking doesn't require special software or an extensive knowledge of computer code.

At a recent hackers' conference in Washington, Long demonstrated the eye-opening results of dozens of well-crafted Google searches.

Using Google, identity thieves can easily find credit-card and bank-account numbers, tax returns, and other personal information buried in court documents, expense reports and school Web sites that contain such information.

Google hackers can download Department of Homeland Security threat assessments marked "For Official Use Only."

They can gain control of office printers, Internet phones and other devices controlled through a Web interface -- including electrical power systems.

"One Google query, a couple of buttons, you can actually turn off power to their house," Long said.

Corporate spies can uncover passwords and user names needed to log on to a corporate network, or find poorly configured computers that still use default passwords.
More info here:
http://today.reuters.co.uk/news/new...IN163746_RTRIDST_0_OUKIN-COLUMN-PLUGGEDIN.XML
 
#3
yup, it has loads of uses. There was an article posted on NewOrder that went into some detail.
You can use google to display the index of a directory and steal the .htpasswd file. As well as already mentioned cache's of passwords. :)
 

Members online

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,015
Latest member
oggeytom