Tuesday, May 23, 2006

Nation Wide Google Hacking Initiative

The idea of doing reconnaissance for the purpose of pen testing or malicious activity through google hacking, has already reached levels of automation -- the problem is how the threat gets often neglected by those that actually suffer from a breach later on. I came across to an article pointing out that :



"Anyone who wants to hack into sensitive information on New Zealand internet sites might be pleased to know it can be as easy as typing keywords into a Google search. Researchers at Massey University’s Albany campus say the country’s websites are more vulnerable to "Google hacking" than anywhere else in the world. University Information and Mathematical Sciences Institute senior lecturer Dr Ellen Rose and graduate student Natalia Nehring recently completed a study into the topic."



Not exactly a type of cyberterrorism exercise such as the most recent DigitalStorm, but it's logical to conclude that if someone takes the time and effort to data mine the web, localize the attack like in this case, a lot will be revealed. In a recent article, CSOonline goes in-depth into the security implications posed by Google. I once had a chat with Johnny Long on many topics, among the "few", of course, was google hacking. He made a good point on saying that it's whatever you actually do with the results that matters most, and how diverse is the threat -- by googling your lights off for instance.


What you should keep in mind is that it isn't Google to blame, the way "Improving the Security of Your Site by Breaking Into it" provoked awareness, and not damage. Think the problem isn't big of a shot -- gather some intelligence by yourself through the Google Hack Honeypot project.