July 29th, 2011 by Tim Greenhalgh
As we move towards virtualisation and the Cloud, security issues continue to challenge IT teams across the globe. As an adjunct, the topic of search engine hacking is once again front of mind.
I’m indebted to Michael S. Mimoso, Editorial Director of the Security Media Group at TechTarget, including Information Security magazine, who has published a comprehensive post on the threat, which is known more generally as Google hacking.
Michael says: “The ease with which a well-constructed search query can dredge up troves of passwords, corporate documents or gigabytes of MP3s isn’t likely to surprise a security manager. Yet, there are very few enterprise security organisations that dedicate resources to as it’s more commonly known.”
In response, Fran Brown and Rob Ragan, researchers with security consulting and services firm Stach and Liu will release more than 20 new Google hacking tools next week at the 2011 Black Hat Briefings in Las Vegas from Sunday to Tuesday (30 July – 2 August).
These tools include customized alerts that security teams can turn on their specific domains and perform real-time queries against sites as soon as Google and other search engines index them.
The researchers’s extension of these defensive tools helps security organisations determine whether sites are leaking corporate or customer data or if there are other critical vulnerabilities.
I tip my black hat to them.