
Google now a hacker's tool


Somewhere out on the Internet, an Electric Bong may be in danger. The threat: a well-crafted Google query that could allow a hacker to use Google's massive database as a resource for intrusion.

"Electric Bong" was one of a number of household devices that security researcher Johnny Long came across when he found an unprotected Web interface to someone's household electrical network. To the right of each item were two control buttons, one labelled "on," the other, "off."

Long, a researcher with Computer Sciences Corp. and author of the book "Google Hacking for Penetration Testers," was able to find the Electric Bong simply because Google contains a lot of information that wasn't intended to lie exposed on the Web. The problem, he said at the Black Hat USA conference in Las Vegas last week, lies not with Google itself but with the fact that users often do not realize what Google's powerful search engine has been able to dig up.

In addition to power systems, Long and other researchers were able to find unsecured Web interfaces that gave them control over a wide variety of devices, including printer networks, PBX (private branch exchange) enterprise phone systems, routers, Web cameras, and of course Web sites themselves. All can be uncovered using Google, Long said.

But the effectiveness of Google as a hacking tool does not end there. It can also be used as a kind of proxy service for hackers, Long said.

Although security software can identify when an attacker is performing reconnaissance work on a company's network, attackers can find network topology information on Google instead of snooping for it on the network they're studying, he said. This makes it harder for the network's administrators to block the attacker. "The target does not see us crawling their sites and getting information," he said.

Often, this kind of information comes in the form of apparently nonsensical data -- something that Long calls "Google Turds." For example, because there is no such thing as a Web site with the URL (Uniform Resource Locator) "nasa," a Google search for the query "site:nasa" should turn up zero results. Instead, it turns up what appears to be a list of servers, offering an insight into the structure of NASA's (the U.S. National Aeronautics and Space Administration's) internal network, Long said.

Combining well-structured Google queries with text processing tools can yield things like SQL (Structured Query Language) passwords and even SQL error information. This could then be used to structure what is known as a SQL injection attack, which can be used to run unauthorized commands on a SQL database. "This is where it becomes Google hacking," he said. "You can do a SQL injection, or you can do a Google query and find the same thing."
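A defender-side check for the exposure described above, added here as an example and not code from the article or from Long's talk: it scans response bodies fetched from your own site for database error text and credential-like strings, the kind of content a search crawler would otherwise index. The signature list, function names and sample pages are assumptions constructed for illustration.

```python
import re

# Well-known database error texts that verbose error pages emit.
ERROR_SIGNATURES = {
    "mysql-error": re.compile(r"You have an error in your SQL syntax", re.I),
    "mssql-error": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "oracle-error": re.compile(r"\bORA-\d{5}\b"),
    "postgres-error": re.compile(r"syntax error at or near", re.I),
}

# Credential-looking assignments, e.g. in a config include served as plain text.
CREDENTIAL = re.compile(r"""(?i)(?:password|passwd|pwd)\s*[=:]\s*["']?([^\s"';&<]{4,})""")


def audit_page(body):
    """Return sorted finding labels for one response body."""
    findings = {name for name, rx in ERROR_SIGNATURES.items() if rx.search(body)}
    if CREDENTIAL.search(body):
        findings.add("credential-in-body")
    return sorted(findings)


def audit_site(pages):
    """Map each URL to its findings, omitting pages with none."""
    report = {}
    for url, body in pages.items():
        findings = audit_page(body)
        if findings:
            report[url] = findings
    return report


# Constructed sample responses (not real data), as a crawler would fetch them.
SAMPLE_PAGES = {
    "https://shop.example/item?id=7": "<h1>Blue widget</h1><p>In stock.</p>",
    "https://shop.example/item?id=x": (
        "<b>Warning</b>: You have an error in your SQL syntax; check the "
        "manual that corresponds to your MySQL server version"
    ),
    "https://shop.example/inc/db.inc": (
        "$db_host = 'localhost';\n$db_user = 'shop';\n$db_password = 'constructed-example';"
    ),
    # A normal login form must not be flagged as a leaked credential.
    "https://shop.example/login": '<input type="password" name="password">',
}

if __name__ == "__main__":
    for url, findings in audit_site(SAMPLE_PAGES).items():
        print(url, findings)
```

Pages that are flagged should return a generic error page or be removed from the Web root before they are crawled.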

Although Google traditionally has not concerned itself with the security implications of its massive data store, the fact that it has been an unwitting participant in some worm attacks has the search engine now rejecting some queries for security reasons, Long said. "Recently, they've stepped into the game."

