- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
The hacking group Cult of the Dead Cow (CDC) this week released a tool that turns Google into an automated vulnerability scanner, scouring Web sites for sensitive information such as passwords or server vulnerabilities.
CDC first achieved notoriety ten years ago with its backdoor Back Orifice, which demonstrated in a highly public way just how easy it was to take unauthorized control of a Windows PC.
The new tool, called Goolag Scan, is equally provocative, making it easy for unskilled users to track down vulnerabilities and sensitive information on specific Web sites or broad web domains.
This capability should serve as a wake-up call for system administrators to run the tool on their own sites before attackers get around to it, according to CDC.
"It's no big secret that the Web is the platform, and this platform pretty much sucks from a security perspective," said CDC spokesperson Oxblood Ruffin, in a statement. "We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large Web site, I'd be downloading this beast and aiming it at my site yesterday."
The tool is a stand-alone Windows .Net application, licensed under the open source GNU General Public License, that provides about 1,500 customized searches under categories such as "vulnerable servers," "sensitive online shopping information" and "files containing juicy information."
The results are displayed as a list of links that can be opened directly in a browser. Example results include tell-tale error messages and Java applets for the remote control of surveillance cameras, according to CDC.
Goolag Scan is based on "Google hacking," the practice of exposing vulnerabilities via Google, which CDC says has been pioneered by a hacker going by the handle "Johnny I Hack Stuff."
Goolag Scan is, however, the first time such vulnerability searches have been built into a simple tool, according to CDC (Compare Patch and Vulnerability Management products).
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (7)
RE: Hackers turn Google into vulnerability scannerBy Aa'ed Alqarta on February 22, 2008, 12:59 pmI believe in the theory that says Google searching technology is a double-sided-sword. We heard before about the "Samy" worm that uses Google API to reach machines...
Reply | Read entire comment
GoogleBy Anonymous on February 25, 2008, 3:54 pmThis is the same company that wants to manage Health Care information? The same one whose top people said that they want to collect all possible information about...
Reply | Read entire comment
A little more journalism, please?By Anonymous on February 25, 2008, 5:01 pmThis article quotes one person who extols the wonders of this tool and recommends running it "yesterday" -- except the article is quoting a statement from the group...
Reply | Read entire comment
No, not scaryBy MegaZone on February 27, 2008, 8:26 pmNo, it isn't scary. You didn't understand the article is all. Google is not being 'hacked' in the way you see it used in the press a lot these days. No one...
Reply | Read entire comment
Greatest Google songsBy Alpha Doggs on March 7, 2008, 10:02 amLet's relax about this issue and listen to some songs about Google: http://www.networkworld.com/community/node/25746?ts0hb=&story=wknd_googlesongs
Reply | Read entire comment
Vulnerability ScannerBy security guy on March 11, 2008, 10:28 amI think that this is very cool to have a vulnerability scanner maintained by hackers, however, in order to really feel protected, I would use a commercial vulnerability...
Reply | Read entire comment
View all comments