Google: A Hacker's Best Friend

wefancyu · 11-19-2004, 12:33 PM

I found this quite interesting, never try to "hack" yet but it does help you understand more about google and security....at least i think so...

Quote:

Google: A Hacker's Best Friend

In the last few years a number of news articles appeared that warned of the fact that hackers (or
crackers if you will) make use of the google search engine to gain access to files they shouldn't be
allowed to see or have access to. This knowledge is nothing new to some people but personally I have
always wondered how exactly a thing like this works. VNUnet’s James Middleton wrote an article in
2001 talking about hackers using a special search string on google to find sensitive banking data:
"One such posting on a security newsgroup claimed that searching using the string 'Index of /
+banques +filetype

ls' eventually turned up sensitive Excel spreadsheets from French banks. The
same technique could also be used to find password files"[1]
Another article that appeared on wired.com told us how Adrian Lamo, a hacker who made the news
often the last couple of years, explained that google could be used to gain access to websites of big
corporations.
“For example, typing the phrase "Select a database to view" -- a common phrase in the FileMaker Pro
database interface -- into Google recently yielded about 200 links, almost all of which led to FileMaker
databases accessible online.”[2]
These articles kept on coming up in the online news. U.S. Military and Government websites were
vulnerable because admin scripts could be found using google, medical files, personal records,
everything suddenly seemed just one google search away. But these articles seemed to show up once
every half year and always talked about it as if it was something new. Another thing was, the articles
never explained how one would actually go about doing this. Almost never an example of a search
string was given. The last time I read one of these articles I decided it was time to find out for myself,
whether google actually could do all they say it can. The following is a report of my findings and a
description of some techniques and search strings one could use.

Andy edit: Please shorten the quote used and provide a link back the original one, thanks! =)

http://info-x.co.uk/docview.asp?id=91

Arisna · 11-22-2004, 02:21 PM

Frankly, this is the fault of webmasters who don't permission/protect files correctly, perhaps even more so than that of the hackers who pull this stuff.

wefancyu · 11-23-2004, 12:38 AM

yep, just try to alert fellow webmasters the danger...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Easy friend	camiliao	Friendship	5	09-04-2007 07:48 AM
Emailed My Friend	kane.tewaaka	Friendship	0	10-12-2006 01:59 AM
Is there is any way to hide friend list	IndianSammy	Social Networking	1	07-15-2006 10:49 AM
How to delete a friend	malapati	Social Networking	1	12-12-2004 10:08 AM

11-22-2004, 02:21 PM	#2 (permalink)
Arisna Senior Googler Join Date: Jun 2004 Posts: 125 Thanks: 0 Thanked 0 Times in 0 Posts	Frankly, this is the fault of webmasters who don't permission/protect files correctly, perhaps even more so than that of the hackers who pull this stuff.

11-23-2004, 12:38 AM	#3 (permalink)
wefancyu Senior Googler Join Date: Oct 2004 Location: UK Posts: 146 Thanks: 0 Thanked 0 Times in 0 Posts	yep, just try to alert fellow webmasters the danger...

GoogleCommunity Sponsor
Use coupon "forum" for 50% Off!


Sponsored Links