Google, The Lazy Path To Hacking
David Utter, Staff Writer
2008-08-01
The power of Google's search and its depth of indexing, matched with a few operators for queries, makes it a fun place to poke around for possible holes.
Security pros may or may not be looking proactively at how their web-facing infrastructure exposes sensitive entry points. Rest assured that malicious people willing to execute a few keystrokes do so regularly from around the world.
We came across a lengthy list at ha.xors.org of ways to try to pry details out of potentially vulnerable websites. The list shows what the good guy security pros ought to throw at their sites to see what sticks.
A few short minutes of trying out a handful of queries gave us a router configuration file, apparently a text copy stored for backup, that included its passwords in cleartext. We also found an FTP server for a federal agency showing off a similar file, with passwords hashed but a couple of presumably valid usernames on display.
A query for Windows Registry files came back with a bounty of usernames and passwords, a mere 0.27 seconds after we asked Google to see what it could find. Seriously folks, saving .reg files to a public-facing directory?
A few minutes spent throwing some of those queries at one's domain may be a good use of time. Someone may have published something on a company server that shouldn't be on the Internet, and one of these queries could find it and save some problems later.
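The same check can be run from the inside, before a crawler ever sees the files. The following is an added example, not part of the original article: it walks a local copy of a web root and flags the kinds of files described above (registry exports, config backups carrying passwords, files listing usernames). The regex heuristics, the skipped page extensions, and the sample file names and values are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics assumed for this example; tune them for your own environment.
CRED = re.compile(r"(?i)\b(?:password|passwd|secret)\b\W{0,3}\S+")
USER = re.compile(r"(?i)\busername\b\W{0,3}\S+")
REG_MAGIC = ("Windows Registry Editor", "REGEDIT4")
PAGE_EXT = {".html", ".htm", ".css", ".js"}  # served page content, skipped

def read_text(path):
    """Decode a file; regedit v5 exports are UTF-16LE with a BOM."""
    raw = Path(path).read_bytes()
    enc = "utf-16" if raw.startswith(b"\xff\xfe") else "utf-8-sig"
    return raw.decode(enc, errors="replace")

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        ext = path.suffix.lower()
        if not path.is_file() or ext in PAGE_EXT:
            continue
        rel, text = path.relative_to(root).as_posix(), read_text(path)
        if ext == ".reg" or text.startswith(REG_MAGIC):
            findings.append((rel, "registry export"))
        if CRED.search(text):
            findings.append((rel, "credential material"))
        elif USER.search(text):
            findings.append((rel, "account names"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed web root in a temp dir (all values are fake)."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    reg = 'Windows Registry Editor Version 5.00\r\n"Password"="EXAMPLE-ONLY"\r\n'
    samples = {
        "index.html": b'<input type="password" name="p">',
        "backup/router-config.txt": b"hostname edge1\nenable password EXAMPLE-ONLY\n",
        "export/settings.reg": b"\xff\xfe" + reg.encode("utf-16-le"),
        "notes/users.txt": b"username alice\n",
    }
    for rel, data in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return root

if __name__ == "__main__":
    print(*audit_webroot(build_sample_tree()), sep="\n")
```

Point `audit_webroot` at a checkout or mirror of the directory your server actually publishes; anything it reports is a candidate for removal and for rotating the credentials it contains.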
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.