This article can also be found in the Premium Editorial Download "Information Security magazine: Captive to SOX compliance? A compliance guide for managers."
Download it now to read this article plus other related content.
A simple search can expose security secrets. Black hats are aware of it. Are you?
More information from SearchSecurity.com
Learn how to Google hack your business before black hats do.
Our glossary definition of Google hacking provides basic preventative measures.
Visit our resource center for tips and expert advice on hacking tools and techniques.
Yes, that's an actual term. Haven't heard of it? Well, it's about time you did. Googledork refers to anyone who has unknowingly exposed sensitive information on the Web, enabling search engines to index material that wasn't intended for public consumption.
Are you a Googledork? Are your coworkers? Think long and hard. Then do a pen test to make sure you and your company are in the clear. You might be surprised at what you find.
Google hacking--the practice of using specially crafted search engine queries to cull information about a target--is now a feather in virtually every black hat's cap. They're pulling off real intrusions, using real information gleaned from the simplest of queries on Google and other search engines to attack unsuspecting companies. And, they do it without leaving a trace.
What should worry CISOs most? There's the troubling fact that you may be unaware that your company's sensitive information is a sitting duck on the Internet. Just as disturbing, though, is the alarming simplicity with which these hacks can be executed. All the tools to pull off a successful Google hack are readily available on the Internet.
Security practitioners are starting to learn that this is more than silly Web gibberish. If it's your job to secure information, being a Googledork could land you in the unemployment line. You can't be in the dark about this phenomenon...or how to keep from falling prey to it.
This was first published in March 2006