Log-in | Register Username:   Password:   forgot password? Logged in as | Log-out

blog home blog structured search InfoWorld power search InfoWorld metadata explorer The Screening Room all screencasts popular / general-interest screencasts Friday podcasts Friday podcasts with transcripts Friday podcasts: RSS feed all podcasts all blog items LibraryLookup subscribe with rss: send Jon an email: reading list as opml reading list as html

<<  Friday, March 12, 2004  >> Automated security scanning with Google The other day Robin Good posted a link, via George Siemens, to a Register article by Scott Granneman. The article illustrates Google queries that find passwords, web-accessible databases, and financial data. Nobody should be surprised by what these queries reveal, but I'm sure a lot of folks will be. A couple of websites have even sprung up dedicated to listing words and phrases that reveal sensitive information and vulnerabilities. My favorite of these, Googledorks, is a treasure trove of ideas for the budding attacker. As a protective countermeasure, all security pros should visit this site and try out some of the suggestions on the sites that they oversee or with whom they consult. With a little elbow grease, some Perl, and the Google Web API, you could write scripts that would automate the process and generate some nice reports that you could show to your clients. [The Register: The Perils of Googling] Indeed. What does surprise me is that there isn't a well-known tool for doing this. It would be the 21st-century equivalent of SATAN, the first security scanner I pointed at my website back in the mid 1990s. Or more recently, Nessus. Perhaps such a tool is well-known, but not yet to the good guys? It would be really useful. The mechanism, as Granneman points out, is trivial, but assembling the database of vulnerabilities isn't. If a credible project has formed around this idea, I'd like to know about it.

Recent Entries Why can't Johnny download? Because he's stuck in a semantic muddle. Justifying the feel-good labels Screen-sharing's long tail Why can't Johnny download? A conversation with Rajiv Gupta about fine-grained access control XBRL use cases: better late than never Tantalizing hints of the Knowledge Navigator Denise Getts wires the web Beyond the election news cycle A conversation with Jim Russell about the Pittsburgh diaspora The SALT talks All roads lead to VNC Mobile speech recognition The Screening Room #10: Dabble DB Scaling the Tufte effect A conversation with John Schneider about Efficient XML What's the video threshold for face-reading? So many social networks, so little time Conversational dynamics in the blogosphere Intense, simple, active demonstrations A conversation with Cricket Liu about the Domain Name System Drowning in a rising tide DRM by asking nicely In search of non-gratuitous 3D A conversation with Mark Ericson about communications-enabled business processes Levelator! Talk to the avatar WordPress for loosely-coupled comments, part 2 Compound documents for the web A conversation with Ellen Ullman about living close to the machine At the Paris SOA Forum ID card anthropology Second Life, MTurk, and on-demand education The Screening Room #9: Windows Live Writer A conversation with Tim Fahlberg about mathcasts, clickers, and the future of education A conversation with Jeff Bezos about Amazon web services Kim Cameron on why business protocols aren't user-centric yet Show me my account activity! WordPress as a loosely-coupled comment engine How translucency could defuse the Turnitin/McLean High controversy A conversation with Cyril Houri about annotating the planet using a GPS/WiFi/cellular hybrid Turk work Screencasting of tacit knowledge Ongoing discussion of translucency and selective disclosure Half-baked ideas Google Earth live and in realtime The politics of data control Audio editing on the move A conversation with Phil Windley about identity in the real and virtual worlds

Sponsored Technology Links
Oracle - Best Practices for Successful SOA Governance Villanova University - Learn the Latest IS Security Practices - 100% Online! CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. MKS - Get Power and Simplicity of UNIX while working in Windows InterSystems - Develop and integrate faster with InterSystems Ensemble. Rackspace - Go Green Without Sacrificing Server Performance AT&T - Factors to consider when comparing DSL or Cable AT&T - Thinking about IMS AT&T - What to expect from a Technology Assessment. AT&T - Refine your company's plan for a Business Disruption Event HP - HP Color LaserJet CP4005n printer. Now $899. SHOP NOW Dell - Dell Latitude: Battery life up to 19 hours. Learn more. Equallogic - Flexible, Scalable, Enterprise Storage for Virtual Infrastructures Equallogic - Four Steps to Disaster Recovery and Business Continuity Using iSCSI HP - Get Extreme Storage for Extreme Business with HP. Dell/Equallogic - PS Series Best Practices Deploying Microsoft(R) Exchange Server 2007 in an iSCSI SAN Symantec - Make data protection more efficient with Veritas NetBackup Xerox - Experience the colorful side of business at www.frugalcolor.com Dell - Windows Vista: A Cyber Security Shield Mindreef - Key Strategies for SOA Testing AT&T - Class of Service: Myths and Misconceptions HP - HP LaserJet P4014n printer Starting at $699 after $100 IS. SHOP NOW		HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - HP StorageWorks products-control, consolidation and confidence. HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Big Fix - Before all Hell breaks loose on your network & your endpoints! 3PAR - Takes on the Storage Industry Giants Platespin - Consolidated Disaster Recovery Using Virtualization Platespin - 8 Phases of a Successful Consolidation Initiative SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA Polycom - Telepresence For The Enterprise Tripwire - Secure your virtual and physical environments with the same software. Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation AT&T - Enhancing security through Quantum Cryptography Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. Oracle - The Power of Two with SOA and BPM

	HOME  NEWS  BLOGS  PODCASTS  VIDEOS  TECHNOLOGIES  TEST CENTER  EVENTS  CAREERS	About | Advertise | Awards | RSS | Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist