Security analyst warns of 'Google hacking'

Look in this specific forum for newly found security threats which may not yet be covered by your usual security software

Moderators: Admin Team, Moderators

User avatar
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ

Security analyst warns of 'Google hacking'

Postby TeMerc » Tue Oct 28, 2008 8:19 am

By Jeremy Kirk, IDG News Service
October 28, 2008

Search engines such as Google are increasingly being used by hackers against Web applications that hold sensitive data, according to a security expert.

Even with rising awareness about data security, it takes all of a few seconds to pluck Social Security numbers from Web sites using targeted search terms, said Amichai Shulman, founder and chief technology officer for database and application security company Imperva.

Shulman said Imperva recently discovered a way to execute a SQL injection attack that comes from an IP (Internet Protocol) address that belongs to Google.

In a SQL injection attack, a malicious instruction is entered on a Web-based form and answered by a Web application. It often can yield sensitive information from a backend database or be used to plant malicious code on the Web page.

Shulman declined to give details on how the attack works during his presentation at the RSA Conference on Monday, but said it involves Google's advertising system. Google has been notified, he said.

Manipulating Google is particularly useful since it offers anonymity for a hacker plus an automated attack engine, Shulman said.

nwz Continued @ Info World


Who is online

Users browsing this forum: No registered users and 1 guest