I don't have an answer to the responsiveness question, but I do have a piece of advice that unfortunately is like shutting the gate after the horse has bolted, but by putting this tag in a page, you tell Google not to cache... <META NAME="GOOGLEBOT" CONTENT="NOARCHIVE"> Back to business though, think about other places where cached content can be found, like archive.org. You can't go asking archive.org for all sites containing x and y and z, but it's still a useful tool. I use archive.org as part of my "background investigation stage" when I do security analysis jobs. Sometimes you find that in the early days of a company, they put stuff on their site that they wish they never did because they weren't aware of the dangers at the time. For instance, I was doing a job for a financial services company once, and they'd published their banking details on their site for a few weeks a year prior. Other similar companies were getting ripped off because they too were publishing the same kind of info, so they thought they'd be smart and clean their site up before the crims got around to them. A year later and they still hadn't been hit like the others, so they assumed they were safe. When I found the info and asked them if it was still valid, they were rather shocked. Incidentally the details were still valid. Even if the archive.org doesn't turn up extreme examples like in my example, you still get value out of familiarizing yourself with the site as it grows. Perhaps you are trying to talk your way past someone in the company, social engineering job. The more background you know, the more little things you can throw into a conversation, the easier it is to appear like you belong. I wonder if we could come up with as complete a list as possible of places someone would have to go to remove sensitive info? - google.com - archive.org - add some more... BRYAN ALLERDICE -----Original Message----- From: De Velopment [mailto:develat_private] Sent: Saturday, July 06, 2002 5:25 PM To: vuln-devat_private Subject: Re: Google lists vulnerable sites. Hello, I've been following this discussion about Google with interest. OK. So a company is caught with their "pants down" and their "Crown Jewels" are stored away in the Google Cache. They clean up their site and secure it. How responsive is Google, at that point, to removing their Cache and links to your company's sensitive pages? Best regards, Ken Parker (kparkerat_private)
This archive was generated by hypermail 2b30 : Sat Jul 06 2002 - 21:59:20 PDT