Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Hackers use Google to access photocopiers

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Hackers use Google to access photocopiers
Date: Mon, 27 Sep 2004 03:22:35 -0500 (CDT) 
http://news.zdnet.co.uk/internet/security/0,39020375,39167848,00.htm

[The Google Hacking Database (GHDB) @ http://johnny.ihackstuff.com/ 
will fill in any blanks this story is missing.   - WK]


Dan Ilett
ZDNet UK
September 24, 2004

Hackers are using search engines to watch what people photocopy. 

Using Google hacks -- requests typed into the search engine that bring 
up cached information on networks -- hackers are discovering and using 
login details for networked photocopiers so they can watch what is 
being copied. 

"You don't have to be a genius to do this," said Jason Hart, security 
director at Whitehat UK. "You can see what people are photocopying on 
your monitor. You just have to search for online devices on Google." 

Google stores billions of Web URLs and information sent from Web 
servers. Some Web servers, if configured incorrectly or left to 
default, can accidentally broadcast network information, such as IP 
addresses, login details and device information. Google, like many 
other search engines, stores this information, which can be recalled 
at any time. 

"Essentially Google caches everything on the Web," said Hart. "By 
inputting commands into Google you can extract information and use it 
as a reverse-engineering tool." 

Hackers have been using Google hacks for some time -- exploiting 
photocopiers is only a recent example of compromising online devices. 
Hackers also use the search engine to view logged conversations on the 
Google computer groups list. In these, techies often share network 
information, such as logins, and their company domain name when they 
post their email address with a message. 

Hart added: "If you look at a firm's domain you can see all their 
security questions which means you can see their network 
infrastructure. [Hackers] wait for people to come along and say: 'I've 
been put in charge of security but don?t know much. Can you help me?' 
The hacker helps out and gets their trust until they get the passwords 
to the firewalls." 

Hart advised that security staff should regularly check Google for 
cached information on their firms' domain names. He said that if using 
public forums to solve problems, participants should sign in using an 
anonymous e-address. 

"You can ask Google to take certain information off its site," said 
Hart. "It's always worth taking a look at. It's a simple check, but 
worthwhile." 



_________________________________________
Donate online for the Ron Santo Walk to Cure Diabetes - 
http://www.c4i.org/ethan.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Hackers use Google to access photocopiers, InfoSec News <=
Previous by Date:  [ISN] Hackers tap server at Cal State Hayward, InfoSec News
Next by Date:  [ISN] JPEG/GDIplus vulnerability, InfoSec News
Previous by Thread:  [ISN] Hackers tap server at Cal State Hayward, InfoSec News
Next by Thread:  [ISN] JPEG/GDIplus vulnerability, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]