Feb 27th, 2008, 8:42 am
The Cult of the Dead Cow, the infamous hacking collective, has released a Google hacking utility called Goolag Scan that gives any wannabe with a web browser and half a brain the ability to search the information engine for web-based data that is normally hidden. It does this by implementing something in the region of 1500 customised Google search routines to reveal application server passwords, credit card numbers, corporate email records and audit logs, to name just a few examples. Sure, the ability to find this stuff is open to anyone using Google who knows what to look for and how to filter the results accordingly. Sure, the real problem is the companies who have not properly secured the data in the first place, thereby making it available for such searching. But let's be honest, the Cult of the Dead Cow sure ain't helping matters.
"Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers," says Calum Macleod, European director at encryption experts Cyber Ark, who adds, "A lot of companies protect their Web-based and Internet gateway-accessible data using ID and password systems, but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages."
The Cult of the Dead Cow will say that it is releasing this utility, which has apparently been in use within the group for three years, in order to get people thinking about whether online data storage is a good idea and to get them thinking about web-based security more seriously.
That sounds awfully akin to getting people to take road safety more seriously by providing imbecile joy riders with a tank and pointing them in the direction of a school at going home time…
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 2,389 views, 1 comment, and 24 linkbacks. 2 voters have rated this entry an average of 5 out of 5 stars. It was promoted to featured status Feb 27th, 2008.
Comments (Newest First)
jwenting | duckman | Feb 27th, 2008
it's a group of computer criminals...
They're releasing it as a piece of advertising, trying to draw in buyers for their services.
If they're releasing what they've been using themselves before that only means they've got something more powerful already and/or have mined it dry themselves already so it's got no economic value left for them.