- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
BitTorrent blocking; SQL injection attack. Listen now!
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Migrating to a new messaging system is a tedious, complex and risky process. And since this isn’t something you do everyday, you need to know "best practices" to ensure a successful migration.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch Raven Zachary, Research Director for Open Source at the 451 Group, an independent IT analyst firm, discuss the emergence of enterprise Linux and the role of Oracle Unbreakable Linux support.
f**k.me, bang.me, suck.me, etc. etc...- Anonymous
The hacking group Cult of the Dead Cow (CDC) this week released a tool that turns Google into an automated vulnerability scanner, scouring Web sites for sensitive information such as passwords or server vulnerabilities.
CDC first achieved notoriety ten years ago with its backdoor Back Orifice, which demonstrated in a highly public way just how easy it was to take unauthorized control of a Windows PC.
The new tool, called Goolag Scan, is equally provocative, making it easy for unskilled users to track down vulnerabilities and sensitive information on specific Web sites or broad web domains.
This capability should serve as a wake-up call for system administrators to run the tool on their own sites before attackers get around to it, according to CDC.
"It's no big secret that the Web is the platform, and this platform pretty much sucks from a security perspective," said CDC spokesperson Oxblood Ruffin, in a statement. "We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large Web site, I'd be downloading this beast and aiming it at my site yesterday."
The tool is a stand-alone Windows .Net application, licensed under the open source GNU General Public License, that provides about 1,500 customized searches under categories such as "vulnerable servers," "sensitive online shopping information" and "files containing juicy information."
The results are displayed as a list of links that can be opened directly in a browser. Example results include tell-tale error messages and Java applets for the remote control of surveillance cameras, according to CDC.
Goolag Scan is based on "Google hacking," the practice of exposing vulnerabilities via Google, which CDC says has been pioneered by a hacker going by the handle "Johnny I Hack Stuff."
Goolag Scan is, however, the first time such vulnerability searches have been built into a simple tool, according to CDC (Compare Patch and Vulnerability Management products).
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Vulnerability ScannerBy security guy on March 11, 2008, 10:28 amI think that this is very cool to have a vulnerability scanner maintained by hackers, however, in order to really feel protected, I would use a commercial vulnerability...
Reply | Read entire comment
Greatest Google songsBy Alpha Doggs on March 7, 2008, 10:02 amLet's relax about this issue and listen to some songs about Google: http://www.networkworld.com/community/node/25746?ts0hb=&story=wknd_googlesongs
Reply | Read entire comment
No, not scaryBy MegaZone on February 27, 2008, 8:26 pmNo, it isn't scary. You didn't understand the article is all. Google is not being 'hacked' in the way you see it used in the press a lot these days. No one...
Reply | Read entire comment
A little more journalism, please?By Anonymous on February 25, 2008, 5:01 pmThis article quotes one person who extols the wonders of this tool and recommends running it "yesterday" -- except the article is quoting a statement from the group...
Reply | Read entire comment
GoogleBy Anonymous on February 25, 2008, 3:54 pmThis is the same company that wants to manage Health Care information? The same one whose top people said that they want to collect all possible information about...
Reply | Read entire comment
View all comments