[ISN] Hackers turn Google into vulnerability scanner

From: InfoSec News (alerts@private)
Date: Mon Feb 25 2008 - 01:30:45 PST


http://www.techworld.com/security/news/index.cfm?newsID=11513

By Matthew Broersma
Techworld
22 February 2008

The hacking group Cult of the Dead Cow (CDC) this week released a tool 
that turns Google into an automated vulnerability scanner, scouring 
websites for sensitive information such as passwords or server 
vulnerabilities.

CDC first achieved notoriety ten years ago with its backdoor Back 
Orifice, which demonstrated in a highly public way just how easy it was 
to take unauthorised control of a Windows PC.

The new tool, called Goolag Scan [1], is equally provocative, making it 
easy for unskilled users to track down vulnerabilities and sensitive 
information on specific websites or broad web domains.

This capability should serve as a wake-up call for system administrators 
to run the tool on their own sites before attackers get around to it, 
according to CDC.

"It's no big secret that the Web is the platform, and this platform 
pretty much sucks from a security perspective," said CDC spokesperson 
Oxblood Ruffin, in a statement. "We've seen some pretty scary holes 
through random tests with the scanner in North America, Europe, and the 
Middle East. If I were a government, a large corporation, or anyone with 
a large website, I'd be downloading this beast and aiming it at my site 
yesterday."

The tool is a stand-alone Windows .Net application, licensed under the 
open source GNU General Public License, that provides about 1,500 
customised searches under categories such as "vulnerable servers," 
"sensitive online shopping information" and "files containing juicy 
information."

The results are displayed as a list of links that can be opened directly 
in a browser. Example results include tell-tale error messages and Java 
applets for the remote control of surveillance cameras, according to 
CDC.

Goolag Scan is based on "Google hacking," the practice of exposing 
vulnerabilities via Google, which CDC says has been pioneered by a 
hacker going by the handle "Johnny I Hack Stuff. [2]"

Goolag Scan is, however, the first time such vulnerability searches have 
been built into a simple tool, according to CDC.

[1] http://www.goolag.org/
[2] http://johnny.ihackstuff.com/ghdb.php


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Mon Feb 25 2008 - 01:41:14 PST