0

The Cult of the Dead Cow, the infamous hacking collective, has released a Google hacking utility called Goolag Scan that brings the ability to search the information engine for web-based data that is normally hidden to anyone wannabe with a web browser and half a brain. It does this by implementing something in the region of 1500 customised Google search routines to reveal application server passwords, credit card numbers, corporate email records and audit logs to name just a few examples. Sure, the ability to find this stuff is open to anyone using Google who knows what to look for and how to filter the results accordingly. Sure, the real problem is the companies who have not properly secured the data in the first place so making it available for such searching. But let's be honest, the Cult of the Dead Cow sure ain't helping matters.

"Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers" says Calum Macleod, European director at encryption experts Cyber Ark, who adds "A lot of companies protect their Web-based and Internet gateway- accessible data using ID and password systems, but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages."

The Cult of the Dead Cow will say that it is releasing this utility, which has been in use within the group for three years apparently, in order to get people thinking about whether online data storage is a good idea, to get them thinking about web based security more seriously.

That sounds awfully akin to getting people to take road safety more seriously by providing imbecile joy riders with a tank and pointing them in the direction of a school at going home time…

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

2
Contributors
1
Reply
2
Views
9 Years
Discussion Span
Last Post by jwenting
0

it's a group of computer criminals...
They're releasing it as a piece of advertising, trying to draw in buyers for their services.
If they're releasing what they've been using themselves before that only means they've got something more powerful already and/or have mined it dry themselves already so it's got no economic value left for them.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.