Steal this Computer Book 4.0: Prevent Google hacking

Steal This Computer Book 4.0 Wallace Wang 384 pages; $29.95 No Starch Press

Then try Google hacking your own Web server and see what you find. You may be surprised at how much information Google may already know about your server and how vulnerable you computer might really be.

Search engines like Google constantly troll different Web sites and store the files they find in a storage area called the cache. Once your Web site's files have been stored in Google's (or some other search engine's) cache, anyone can view them by using the cache operator. For example, if you want to view pages that were previously displayed by a Web site, you can use the cache operator followed by the Web site address, as shown below:

For More Information Learn how attackers use war dialing, port scanning other hacking techniques to infiltrate your network. Protect your business from a Google hack. Visit our resource center for news, tips and expert advice on how to defend against the latest hacking tools and techniques.

cache:cnn.com

This Google query will show you the Web pages currently stored on Google for the CNN.com Web site. These pages will remain in Google's cache until the next time Google refreshes it cache by visiting the CNN.com Web site, even if CNN.com has removed or altered the pages in the meantime.

Google, like most search engines that regularly "crawl" the Internet to find Web sites to index, follow certain rules when visiting Web sites. One of those rules is that Web site administrators can create a special robots.txt file that specifies which parts of the Web site the search engine should not explore and store in its cache. So if there are sensitive files on your computer that you don't want others to see, you can create a robots.txt file to tell Google not to index them. (Of course, it's much safer not to put sensitive files on your Web server computer in the first place.) To learn more about how the robots.txt file works, visit www.robotstxt.org. Just be aware that hackers can also peek at your robots.txt file to see what information you want to protect, and then they'll know exactly what type of information to look for in your computer.

Another alternative is to request that search engines (for example, Google) ignore your Web site altogether. However, while this can prevent hackers from scanning your site using the search engine, it can also keep legitimate users from finding it that way too. To request that Google remove your site from its index, follow the steps listed at www.google.com/remove.html.

Finally, visit the Google Hacking Database (GHDB) --http://johnny.ihackstuff.com -- to see how Google has exposed other Web sites to attack. You can (hopefully) thus learn how not to fall victim to the same tricks.

Every tool on the Internet can be used for good or for bad, and Google is no exception. If you run a Web site, you must learn about Google hacking in order to lock down your system's defenses. If you're just a curious and non-malicious individual, have fun experimenting with Google. You may find more than you ever imagined.

Download the full chapter to learn what other hacking tools and techniques are used to solicit an attack.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise Data Protection Web 2.0 and e-discovery: Risks and countermeasures Screencast: Recovering lost data with WinHex Countermeasures against targeted attacks in the enterprise Websense, Reconnex top Forrester ranking of DLP vendors Are open recursive DNS servers inherently insecure? Penetration testing: Helping your compliance efforts Worst practices: Learning from bad security tips The ins and outs of database encryption RSA attendees see data classification, rights management projects stumble Worst practices: Encryption conniptions Information Security Laws, Investigations and Ethics Learn from NIST: Best practices in security program management Data breach laws have no effect on prevention, researchers say Botnet disruption raises ethical concerns among researchers Disclosure Laws Fail as an Incentive to Secure Data Government and cybersecurity Security Learning its Role in E-Discovery E-Discovery Compliance Requires Security Pros to Think As Lawyers Do House legislators rip Bush's Cyber Initiative plan FISA: Telecoms will continue wiretap cooperation -- for now Federal government falling short on cybercrime Emerging Information Security Threats Hidden endpoints: Mitigating the threat of non-traditional network devices Has proof-of-concept mobile device malware translated into any meaningful attacks? Web threats, compromised websites skyrocket Adobe Flash Player flaw previously patched, Symantec says Adobe zero day flaw being actively exploited in wild When will attackers go mobile? New wave of SQL injection attacks alarm researchers Kaminsky on DNS rebinding attacks, hacking techniques Face-Off: Is vulnerability research ethical? New SQL injection technique threatens Oracle databases

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cut-and-paste attack  (SearchSecurity.com) data splitting  (SearchSecurity.com) deperimeterization  (SearchSecurity.com) Google hacking  (SearchSecurity.com) masquerade  (SearchSecurity.com) snooping  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary