Steal this Computer Book 4.0: Prevent Google hacking

Steal This Computer Book 4.0 Wallace Wang 384 pages; $29.95 No Starch Press

Then try Google hacking your own Web server and see what you find. You may be surprised at how much information Google may already know about your server and how vulnerable you computer might really be.

Search engines like Google constantly troll different Web sites and store the files they find in a storage area called the cache. Once your Web site's files have been stored in Google's (or some other search engine's) cache, anyone can view them by using the cache operator. For example, if you want to view pages that were previously displayed by a Web site, you can use the cache operator followed by the Web site address, as shown below:

For More Information Learn how attackers use war dialing, port scanning other hacking techniques to infiltrate your network. Protect your business from a Google hack. Visit our resource center for news, tips and expert advice on how to defend against the latest hacking tools and techniques.

cache:cnn.com

This Google query will show you the Web pages currently stored on Google for the CNN.com Web site. These pages will remain in Google's cache until the next time Google refreshes it cache by visiting the CNN.com Web site, even if CNN.com has removed or altered the pages in the meantime.

Google, like most search engines that regularly "crawl" the Internet to find Web sites to index, follow certain rules when visiting Web sites. One of those rules is that Web site administrators can create a special robots.txt file that specifies which parts of the Web site the search engine should not explore and store in its cache. So if there are sensitive files on your computer that you don't want others to see, you can create a robots.txt file to tell Google not to index them. (Of course, it's much safer not to put sensitive files on your Web server computer in the first place.) To learn more about how the robots.txt file works, visit www.robotstxt.org. Just be aware that hackers can also peek at your robots.txt file to see what information you want to protect, and then they'll know exactly what type of information to look for in your computer.

Another alternative is to request that search engines (for example, Google) ignore your Web site altogether. However, while this can prevent hackers from scanning your site using the search engine, it can also keep legitimate users from finding it that way too. To request that Google remove your site from its index, follow the steps listed at www.google.com/remove.html.

Finally, visit the Google Hacking Database (GHDB) --http://johnny.ihackstuff.com -- to see how Google has exposed other Web sites to attack. You can (hopefully) thus learn how not to fall victim to the same tricks.

Every tool on the Internet can be used for good or for bad, and Google is no exception. If you run a Web site, you must learn about Google hacking in order to lock down your system's defenses. If you're just a curious and non-malicious individual, have fun experimenting with Google. You may find more than you ever imagined.

Download the full chapter to learn what other hacking tools and techniques are used to solicit an attack.

BROWSE BY TAG Enterprise Data Protection,   Enterprise Data Governance,   Information Security Laws, Investigations and Ethics,   Information Security Management,   Emerging Information Security Threats,   Information Security Threats,   Data Loss Prevention,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise Data Governance How to protect distributed information flows Interpreting 'risk' in the Massachusetts data protection law Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private Information Security Laws, Investigations and Ethics Melissa Hathaway urges more cooperation, government attention to cybersecurity Cybersecurity czar candidate questions clout of new position DHS fills National Cybersecurity Center post FTC shutters rogue ISP for hosting malicious content, botnets Experts optimistic of Obama cybersecurity plan WH cybersecurity plan needs private sector guidance Obama announces creation of cybersecurity coordinator position Cybersecurity Act of 2009: Power grab, or necessary step? Face-off: Who should be in charge of cybersecurity? Feds should get private sector advice on cybersecurity Emerging Information Security Threats Leverage Google Attacks to Improve Cybersecurity SCADA system, critical infrastructure security lacking, survey finds Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Information security podcasts: 2009 archive Hathaway calls for international cybercrime task force Active PDF attacks target Reader, Acrobat zero-day vulnerability Sites hit with massive automated SQL injection attack Cybercriminals invest in social networking attacks Best practices for (small) botnets

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cut-and-paste attack  (SearchSecurity.com) data masking  (SearchSecurity.com) data splitting  (SearchSecurity.com) deperimeterization  (SearchSecurity.com) Google hacking  (SearchSecurity.com) masquerade  (SearchSecurity.com) snooping  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary