[ISN] Criminals still using Google to find flaws

From: InfoSec News <alerts_at_private>
Date: Wed, 29 Oct 2008 00:05:51 -0600 (CST)

By Jeremy Kirk
IDG News Service
28 October 2008

Search engines such as Google are still widely being used by hackers 
against web applications that hold sensitive data, according to a 
security expert.

Even with rising awareness about data security, it takes all of a few 
seconds to pluck Social Security numbers from websites using targeted 
search terms, said Amichai Shulman, founder and chief technology officer 
for database and application security company Imperva.

The fact that Social Security numbers are even on the web is a human 
error; the information should never be published in the first place. But 
hackers are using Google in more sophisticated ways to automate attacks 
against websites, Shulman said.

Shulman said Imperva recently discovered a way to execute a SQL 
injection attack that comes from an IP address that belongs to Google.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Tue Oct 28 2008 - 23:05:51 PDT

This archive was generated by hypermail 2.2.0 : Tue Oct 28 2008 - 23:13:35 PDT