Google hacking

What started as a joke builds into a movement.
By Robert McMillan, Network World, 09/05/2005

Johnny Long says he has never met a Google employee. And yet he is at the center of a community of security experts and search engine enthusiasts that might be developing some of the most interesting uses of Google technology today.

For the past 10 years, Long has made his living as a penetration tester, a "white hat" hacker who is asked to break into computer systems to test their security vulnerabilities.

His johnny.ihackstuff.com Web site is the starting point for anyone looking to turn Google into a hacker's tool. At its heart is a repository of sneaky queries called the Google Hacking Database, which got its start nearly six years ago, when Long posted a few of what he refers to as "funny, or interesting, or dangerous" Google queries on the Internet.

Initially, Long, who goes by the name Johnny Hax, did not expect the idea of using Google to break into computer networks to attract any kind of serious study.

"It was sort of a joke actually," he says. "The whole Google hacking thing was supposed to be tongue-in-cheek, because I knew that the real hackers would get their feathers all ruffled."

Instead of being bent out of shape, the hackers were intrigued, and Long's Google hacking community now boasts nearly 60,000 members.

At the recent Black Hat security conference in Las Vegas, Long's talk on Google hacking was a standing-room-only affair, and the Google Hacking Database now stands at about 1,500 queries.

"It evolved into this very visible thing," says Long, a researcher with Computer Sciences Corp. and author of Google Hacking for Penetration Testers. "The sheer weight and breadth of the stuff that we dug up just made people go, 'Wow.'"

Long, who talks about his Google hacks with a comic's timing and a laid-back style, says that he has always been a hacker at heart. He claims to have legitimately broken into hundreds of computer networks in his capacity as a professional security researcher, a job he came to only after abandoning his "wear a stupid suit and climb the corporate ladder phase."

The list of what Long and his fellow Google hackers have been able to dig up is impressive: passwords, credit card numbers and unsecured Web interfaces to things like PBXs, routers and Web sites.

Hackers also use Google for reconnaissance. One of the most basic techniques is to wait for a major security bulletin and then use Google to search for Web sites that are "powered by" the buggy software. Attackers can also map out computer networks using Google's database, making it impossible for the networks' administrators to block the snooper.

Comments (1)

Google hacking
By Anonymous on December 17, 2006, 7:06 am

Nice, I'm interested in being a very good black hat. I already have your book on Google hacking for penetration testers Compton
