Security Tips for Google Hacking Essay Sample

Google
• Google
– It was created by two cats. – They have tonss of money now. – Motto: Do no immorality. – Goal: “Organize the world’s information and do it universally accessible and useful”

Choping?
• Google hacking is non choping Google. • Google hacking is utilizing Google in originative ways to happen bang-up choice morsels.

We care when:
• Google can be used to compromise the security of:
– An constitution ( i. e. our university ) – An person

Google operators
• Used to do hunts less equivocal • Some of the more utile operators: – site ( e. g. site: uiowa. edu ) – intitle/allintitle – inurl – filetype

Searching scheme
• Search for phrases where possible. • Use advanced operators to your advantage. • Make hunts every bit specific as possible to narrow consequences. – If the hunt is excessively specific. Try utilizing a more generic hunt. and the refine it.

Be good!
• The information in the undermentioned hunts. and from Google choping in general. has the possibility of being used for malicious intents. This presentation is delivered for exemplifying intents. non as a manner of enabling illegal and/or harmful actions. However. it is our hope that this presentation enables decision makers to turn up and decide insecurities in their environments.

Menaces to constitutions -examples
• intext: ”Tobias Oetiker” “traffic analysis” site: edu • filetype: log site: edu “set watchword for“ • filetype: config OR filetype: conf site: edu – Google Search

And. because Jason Alexander went to Iowa State…
• site: iastate. edu intitle: ”index of” modified

Creepy Sycophants: Worms and Spiders
• There has already been a worm that harvested email reference from google hunts in order to distribute. • A plan could question for waiter specific messages to seek for vulnerable waiters.

Creepy Crawlers ( cont. )
• A plan could seek for user information. and salvage consequences that seem relevant for subsequently review by an individuality stealer. • One could even recite waiters in a sphere by making a site: sphere. com hunt and parsing URLs for waiter names.

Protecting Ourselves
• Do non come in personal information in public countries. • Turn off directory listings! ! ! • Change default waiter mistake strings/replies and plan names. • Use a automatons. txt file.

Prevent Directory Browsing – IIS
• Include “index. html” in the directory. • IIS – Turn off/manage Directory Browsing – hypertext transfer protocol: //support. microsoft. com/kb/313075/ EN-US/

Prevent Directory Listings Apache
• Apache
Options –Indexes

– Use. htaccess for single directories. – hypertext transfer protocol: //httpd. Apache. org/

automatons. txt file
• A automatons. txt file is a manner to maintain hunt engines’ spiders from indexing specified parts of a site. User-agent: * Disallow: /directory/ – hypertext transfer protocol: //www. robotstxt. org

Changing defaults
• Change the default file name of applications if plausible. • Consider utilizing mod_headers with Apache or IISLockDown with IIS to alter default streamers. • Consider altering default mistake pages.

Future menaces?
• More intelligent/devious plans designed to reap information? • Uniting the power of facial acknowledgment package and Google’s image hunt? • Using maps. Google. com to acquire a ocular of a person’s place.

Resources

• “Dangerous Google – Searching for Secrets” – World Wide Web. hakin9. org/en • Google Hacking for Penetration Testers – books 24?7 World Wide Web. lib. uiowa. edu • hypertext transfer protocol: //johnny. ihackstuff. com/ • World Wide Web. Google. com