Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: New google's top query?

from [Alex Keller] Network Security [Permanent Link]
Subject: Re: New google's top query?
Date: Mon, 23 Aug 2004 21:54:06 -0700 
Re: New google's top query?

this "hack" (really a numrange search) was covered at DEFCON12 (http://www.defcon.org/html/defcon-12/dc-12-index.html) and widely known before it was publicized by Johnny Long (http://johnny.ihackstuff.com/) during his talk at the conference (to his credit, he did NOT release the exact syntax BTW). following that search now will yield little sensitive info, as most of the affected sites have removed the pages that demonstrated this security breach. Google is well aware of the malicious activity that can be aided with their search engine....but they are in a bit of a predicament between notions of security and freedom; a common juxtaposition in politics, social order, and network security.

this forum at Johnny's site has plenty more search "hacks":
http://johnny.ihackstuff.com/index.php?module=prodreviews

for further investigation and vulnerability testing, check out Foundstone's SiteDigger: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm

Athena is another powerful Google digging tool that can expose search vulnerabilities; although i can't seem to find a working download site right now. you can grab the entire DEFCON12 iso (457MB) at:
http://130.212.20.4/admin/defcon/defcon12.iso
Athena can be found in the directory "Long".

happy Google hunting...oh yeah, don't be an idiot and use this info for evil.

-alex


other
Jérôme ATHIAS wrote:


Hi,



i don't remember to have seen this info here...



If information is knowledge and knowledge is power, then Google must be all 
powerful. I say this because of the thing you can find on Google if you know 
how to look for them. A new Google hack has come to my attention that brings 
back some information that is a bit troubling. I must say that it is also good 
for the more you know about something the better you are to act upon it. The 
hack is this:



http://www.google.com/search?q=visa+4356000000000000..4356999999999999



When this query is put into the Google search, an idea of the brut strength of 
Google becomes apparent. You can find things like this, which may worry you if 
you found your name on it.



I’m not really sure if Google knows what it can do, but they take an 
interesting stance toward their provision of data.



Regards,

Jérôme





[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Andreas Freyvogel
Next by Date:  MS XP SP2 Windows Security Center allows spoofing, Jirtme
Previous by Thread:  Re: New google's top query?, Luke Burton
Next by Thread:  Re: New google's top query?, Justin Wheeler
Indexes:  [Date] [Thread] [Top] [All Lists]