The Cult of the Dead Cow, the infamous hacking collective, has released a Google hacking utility called Goolag Scan that brings the ability to search the information engine for web-based data that is normally hidden to any wannabe with a web browser and half a brain. It does this by implementing something in the region of 1500 customised Google search routines to reveal application server passwords, credit card numbers, corporate email records and audit logs, to name just a few examples. Sure, the ability to find this stuff is open to anyone using Google who knows what to look for and how to filter the results accordingly. Sure, the real problem is the companies that have not properly secured the data in the first place, thereby making it available for such searching. But let's be honest, the Cult of the Dead Cow sure ain't helping matters.
"Advanced Google searching has been known about in security circles for some time, but it has been a highly specialised and technical topic that is definitely not for non-programmers," says Calum Macleod, European director at encryption experts Cyber Ark, who adds: "A lot of companies protect their Web-based and Internet gateway-accessible data using ID and password systems, but the actual data pages are often unprotected. Even though the pages are not indexed in the standard sense, Goolag Scan can prise the data out into the open and allow standard keyword searching on those pages."
The Cult of the Dead Cow will say that it is releasing this utility, which has apparently been in use within the group for three years, in order to get people thinking about whether online data storage is a good idea, and to get them thinking about web-based security more seriously.
That sounds awfully akin to getting people to take road safety more seriously by providing imbecile joyriders with a tank and pointing them in the direction of a school at going-home time…