A malicious user can use the ultra-popular search website – or one that operates like it – to find vulnerabilities in corporate sites more quickly than had previously been possible, hacking expert Johnny Long has said.
Long has detailed "Google hacking" on his website, including 14 ways a malicious user can hack into a site using Google and a list of organizations with sites that can be hacked in that way. Long has called the later group "googledorks."
"The Google search engine found at www.google.com offers many different features including language and document translation, web, image, newsgroups, catalog and news searches and more," Long said in his advisory on Google on his website. "These features offer obvious benefits to even the most uninitiated web surfer, but these same features allow for far more nefarious possibilities to the most malicious internet users, including hackers, computer criminals, identity thieves and even terrorists."
Nick Galea, chief executive officer of Acunetix, said in a statement that his company was working to defend against "Google hacking now that "applications are now the prime target for hackers."
"A quick hack of a vulnerable web application can give instant access to valuable data such as customer credit cards and employee social security numbers," he said. "New hacking techniques emerge every day. Auditing one's web applications should be the No. 1 security concern for every enterprise."