Kr0m
OSNN Veteran Addict
- Joined
- 4 Dec 2001
- Messages
- 1,392
Found this over at Reuters, written by Andy Sullivan, dated Feb. 11.
More info here:
http://today.reuters.co.uk/news/new...IN163746_RTRIDST_0_OUKIN-COLUMN-PLUGGEDIN.XML
Hackers have found a handy tool to take control of bank accounts, tap into corporate computer networks and dig up sensitive government documents.
It's called Google.
The Internet's most popular search engine can find everything from goldfish-care tips to old classmates in the blink of an eye, but it's equally adept at finding caches of credit-card numbers and back doors into protected databases.
Google Inc. and other search providers create an inventory of the World Wide Web through an automated process that can uncover obscure Web pages not meant for the public.
"If you don't want the world to see it, keep it off the Web," said Johnny Long, a Computer Sciences researcher and author of "Google Hacking for Penetration Testers."
Unlike other intrusion techniques, Google hacking doesn't require special software or an extensive knowledge of computer code.
At a recent hackers' conference in Washington, Long demonstrated the eye-opening results of dozens of well-crafted Google searches.
Using Google, identity thieves can easily find credit-card and bank-account numbers, tax returns, and other personal information buried in court documents, expense reports and school Web sites that contain such information.
Google hackers can download Department of Homeland Security threat assessments marked "For Official Use Only."
They can gain control of office printers, Internet phones and other devices controlled through a Web interface -- including electrical power systems.
"One Google query, a couple of buttons, you can actually turn off power to their house," Long said.
Corporate spies can uncover passwords and user names needed to log on to a corporate network, or find poorly configured computers that still use default passwords.
More info here:
http://today.reuters.co.uk/news/new...IN163746_RTRIDST_0_OUKIN-COLUMN-PLUGGEDIN.XML