Googling Up Passwords
Scott Granneman, 2004-03-09

Google is in many ways the most useful tool available to the bad guys, and the most dangerous Web site on the Internet for many, many thousands of individuals and organizations.

Googling Up Passwords... and copyrighted documents... 2004-03-09
Chris
I must say, I wasn't thrilled by Scott's first few columns on SF, but he's getting better and better.

This particular column provides interesting information on the concept of "Google Hacks". Although most readers will probably already be much aware of the advanced search options in Google (or o...

Googling Up Passwords (and P2P networks) 2004-03-10
JD
Hi,

This issue is also present in P2P networks. You only have to search for known files (htpasswd, pwd...) and you will get interesting results. People want more download rate and share _all_ their hard disk.

The problem here is to match the downloaded file with the server's ip address. No pr...

Googling Up Passwords 2004-03-10
mwood
Another tool, born from the defunct nikto 1.23 project, is "niktoogle", available on exploitlabs.com; it too uses the power of Google to "drill down" keywords on a site. Feel free to try it.

mwood...

Googling Up Passwords 2004-03-10
BCat (1 replies)
As always, an awesome article Scott.

Many of the good guys - users and techies alike - are unaware of both how to effectively utilize search capabilities. The bad guys however know it inside out.

Your recent articles have focussed on things that people really need to know. Those of us who wo...

Googling Up Passwords 2004-03-13
N.K.
You are right...
A friend of mine sent this article to me and I was shocked to find my whole server exposed to the Net.
Thank you Scott!

N.K....

Googling Up Passwords 2004-03-10
Anonymous (1 replies)
I have to agree, this is an excellent article. I've been using this tactic for a while myself, and it's going to be nice to direct the PHB and clueless business users to this article the next time they leave sensitive information on the Webserver....

Googling Up Passwords 2004-03-11
ComSec
Google can also be used as a proxy ;) will even bypass some countries' filters to view banned sites.....

Googling Up Passwords 2004-03-11
Anonymous (1 replies)
I can't help but feel that some warning should be sent to some of the sites vulnerable to this.

I know the concept is known, but even clicking the google search link provided in the article results in multiple password files and scripts containing passwords to web administration interfaces and...

Re: Googling Up Passwords 2006-03-31
Anonymous
I can't help but comment that making it easier for "script kiddies" and other low-level crackers to get into stupidly vulnerable sites is a service. They are much more likely to do something that will get them caught or at least make it obvious that the site was cracked. If you leave the easy prey ...

Googling Up Passwords 2004-03-11
Anonymous
It should be noted here that all web servers should disallow viewing of directory indexes unless absolutely necessary.

This can be accomplished, for apache, by removing any instances of:
`Options Indexes' within your httpd.conf file.

The files within the directory will still exist and be publ...

Googling Up Passwords 2004-03-11
Oscar (1 replies)
While I do agree that this is an excellent article, I would be willing to bet that a significant number of the apparently insecure machines that are revealed using Google are honeypots or otherwise deliberately left insecure. We may very well see a great increase in attacks on those sites in the n...

Googling Up Passwords 2004-03-11
Anonymous (1 replies)
I can confirm that as far as password files in directory listings, they are not honeypots.

I wouldn't be surprised if there are more than a couple defaced sites out there due to information posted within.

So in the case where the victim's site is hosted by another company could fault be placed...

Googling Up Passwords 2004-03-15
Anonymous
How can you confirm that?...

Googling Up Passwords 2004-03-11
Mrdee
Everyone should be aware of this; someone on giac.org published a paper about the potential malicious usage of Google in early 2003. It had very good examples, if I can recall correctly....

Googling Up Passwords 2004-03-12
DRUIDSIX
Gee Scott, perhaps that's the point. When was the last time you went to such sites and broke into something else? Since Jan. 20, 2001, people who do, do so at their own peril. A large number of people are tracking everything cyber. Not all of them are .gov
and when cyber crime goes undetected by .gov...

Googling Up Passwords 2004-03-12
Anonymous
Calling those who wish to harm and cause problems for others online is very... inaccurate. Exploiteers would be more precise....

Google is searcher engine or spy !? 2004-03-13
CRKCHAT (1 replies)
I found a lot of security holes about weak sites and others in Google. Why does Google show some pages' ASP code!?
This way hackerz can do their work more easily.
I Love Google !!!...

Webmasters fools or clever? 2004-03-16
Anonymous
Don't blame others for your own mistakes. If you don't want others to find your files, just follow Google's instructions...

Googling Up Passwords 2005-08-24
Anonymous (1 replies)
Just a minor point - is there really a + operator in Google?...

Re: Googling Up Passwords 2006-04-06
Anonymous
No, it is not an A+ operator, because many of the crimes taking place in India are because of Google, and must take some actions against this. Technology is becoming a curse because of this. The latest news about Google was that it is not providing the common sites to the govt. because of privacy how this...

Googling Up Passwords 2009-03-13
Study abroad

This blog is very informative... I was just browsing to find some information and I found this interesting blog. Thanks, you have informed me to be careful while googling.

But, you have referred as "Bad Guys" ...are they hackers?...

Copyright 2009, SecurityFocus