logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 317 days ago
Via: http://lists.jammed.com | Tags: isn hackers turn google vulnerability scanner comments Discuss  


http://www.techworld.com/security/news/index.cfm?newsID=11513



By Matthew Broersma

Techworld

22 February 2008



The hacking group Cult of the Dead Cow (CDC) this week released a tool

that turns Google into an automated vulnerability scanner, scouring

websites for sensitive information such as passwords or server

vulnerabilities.



CDC first achieved notoriety ten years ago with its backdoor Back

Orifice, which demonstrated in a highly public way just how easy it was

to take unauthorised control of a Windows PC.



The new tool, called Goolag Scan [1], is equally provocative, making it

easy for unskilled users to track down vulnerabilities and sensitive

information on specific websites or broad web domains.



This capability should serve as a wake-up call for system administrators

to run the tool on their own sites before attackers get around to it,

according to CDC.



"It's no big secret that the Web is the platform, and this platform

pretty much sucks from a security perspective," said CDC spokesperson

Oxblood Ruffin, in a statement. "We've seen some pretty scary holes

through random tests with the scanner in North America, Europe, and the

Middle East. If I were a government, a large corporation, or anyone with

a large website, I'd be downloading this beast and aiming it at my site

yesterday."



The tool is a stand-alone Windows .Net application, licensed under the

open source GNU General Public License, that provides about 1,500

customised searches under categories such as "vulnerable servers,"

"sensitive online shopping information" and "files containing juicy

information."



The results are displayed as a list of links that can be opened directly

in a browser. Example results include tell-tale error messages and Java

applets for the remote control of surveillance cameras, according to

CDC.



Goolag Scan is based on "Google hacking," the practice of exposing

vulnerabilities via Google, which CDC says has been pioneered by a

hacker going by the handle "Johnny I Hack Stuff. [2]"



Goolag Scan is, however, the first time such vulnerability searches have

been built into a simple tool, according to CDC.



[1] http://www.goolag.org/

[2] http://johnny.ihackstuff.com/ghdb.php





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn





addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security