Using Google to search for security holes in websites
January 11, 2005
SiteDigger 2.0 searches for information about a site's security features by sending specific queries to Google's database. Known as Google hacking, such queries can turn up easily exploitable security holes and some sensitive information, including such things as credit card numbers and user account information.
The free service should help Webmasters stay informed about what information is out there regarding their sites, said Chris Prosise, vice president of worldwide professional services for security technology company McAfee.
Montreal Web Design will build a great-looking site for your business
"We built this tool really as an awareness tool," Prosise said, adding that SiteDigger highlights problems that Webmasters might otherwise not know about. "As a victim, you would never really know that someone was using this information."
SiteDigger does not discern whether the person using it is an authorised administrator of the site or a potential attacker looking for weaknesses. Prosise agreed that this means the tool could be used against a site, but pointed out that Google requires that any user of an automated service sign up with its Web services development program.
Recently, the Santy worm used Google queries to find potentially vulnerable computers, which the program would then try to infect with its code. Several other tools have been created by other research groups to comb for flaws using Google's database.
Google could not immediately be reached for comment on SiteDigger. Johnny Long, a senior engineer at Computer Sciences Corp. and author of the book "Google Hacking for Penetration Testers," said such tools are necessary for Web administrators to keep their sites safe.
"There is no way for a security team to stay on top of Google without automation," he said. "They can't spend all the time trolling through Google."
Long maintains a site of more than 800 signatures of common security problems that can be searched for with Google. SiteDigger and other tools use the signatures to query the search engine for the problems.
Get the best Linux or Windows Web hosting plan for your website.
While stressing that SiteDigger benefits Web sites with knowledgeable security personnel--usually the larger sites--Long acknowledged that smaller, less security-conscious sites would likely be at a disadvantage against potential attackers. Such sites typically aren't aware of the threats posed by Google hacking.
"The little guys are going to lose whenever a new tool comes out," he said. "The smaller site you are, the more you have to worry about."
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing