Google hacking increasingly effective

By

Google is the search engine of choice for both consumers and hackers, according to infosec experts.

 

This method not only provides the attacker with a free automated attack tool that preserves his anonymity, it also enables him to penetrate more deeply. many applications defend against similar attacks by refusing unauthorised, unauthenticated requests.

However, the Google bots are both, and allow the hacker a deeper level of application access automatically."

Shulman, presenting 'Google-Hacking and Google-Shielding', told RSA delegates that his team and Google were working on closing the loophole.

Another attack made possible by search engines is 'masking' where smaller business sites can be removed from top search rankings by an attack that uses proxy sites to display duplicated content. If there are enough of these proxies, Google can assume that the original site is a copy, and penalise it by removing it from its rankings.

See original article on scmagazineuk.com


Google is the search engine of choice for both consumers and hackers, according to infosec experts.

Amichai Shulman, co-founder and CTO, Imperva, said: “Google can be used as an extremely powerful automated attack tool, and attacks that in 2004 were science fiction are now painful facts.

"Unfortunately, although we have seen attacks using Google increase massively since January this year, their effectiveness shows no signs of dropping.”

Shulman explained that search engines could be used to perform a variety of online attacks. The engine can be used to automatically search for vulnerabilities, and this functionality has been increasingly exploited by worms, dubbed Google worms.

This allows the worm to operate far more effectively, as it already knows which areas of which specific sties are vulnerable to specific attacks. This minimises the worms' network footprint, and makes detection more difficult.

Additionally, a functionality within Google Advertising – Shulman refused to disclose more details – allows an attacker to issue structured SQL queries to target sites. This is particularly worrying, said Shulman.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
effectivegooglehackingincreasinglysecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?