Vulnerability by Insecurity

Presented by Keith I. Daniels (SEARCH)



Google Reveals Hidden Insecurities

  • Personnel Details

  • Account information

  • Credit card details

  • Password files

  • Detailed police reports



Who Watches the Web Designer

  • By default, web designers have ultimate control over web page content

  • Few people in an organization know more about web page design than the designer

  • Executives tend to assume that only data visible on the main page, or reachable through its intended links, is viewable by the general public. In practice, any file a crawler can reach by URL can end up indexed and searchable, whether or not the home page links to it



Everyone Googles, But Do They Understand It?

  • To understand Google is to understand security and insecurity

  • To the general user, Google is just a box into which we type words; the result is thousands or millions of hits that can be clicked on and viewed. For most people this is sufficient



How Google and Search Engines Work

  • Google uses spiders (crawlers) to scour the Internet, following every link they find

  • The spiders report back to Google's database and cache a copy of every page they find. That cached copy is searchable and viewable even after the original page has been taken down


Each Word Searches Individually and in Combination With Each of the Other Words

[Slide diagram: three overlapping circles labelled Word 1, Word 2 and Word 3, showing that the results cover each word on its own and every combination of the words.]



Boolean Searches Enhance Results

  • Used for general searches

  • Also use Boolean searching techniques

  • AND is Google's default Boolean: every word you type must appear on the page

  • “” (quotes): the words inside must appear together, in that order, as an exact phrase

  • + (plus): forces a term to be included that Google would otherwise drop or treat loosely

  • OR (must be upper case): pages containing either term

  • - (minus, written directly before the word, no space): excludes pages containing that term

  • Not: Google expresses NOT with the minus sign above; the word NOT itself is not an operator



Utilizing the Quotes “” Comparison

  • Identical searches run with and without quotes:

    Without quotes (every word, anywhere on the page): 5,890,000 hits

    With quotes (exact phrase): 24 hits



The Rule of 32

  • By default, Google permits a maximum of 32 words in a search string

  • Hackers and hacker types get around this by removing small, common words and replacing them with an asterisk (*), Google's wildcard

  • The asterisk is not charged against the limit, so each asterisk frees a slot for another word in the string

  • This leaves room for the long, pre-built query strings that enquiring hacker minds keep in scripts



The Phrase Below Would Look Like This

  • Original (29 words):

    Hackers and hacker types can increase this by removing small regular words and replacing them with an asterisk

    Each asterisk permits another word to be added to the string

  • With “and” removed as well, the 29 words become 19, so the string can now take 10 more words:

    Hackers hacker types * increase ** removing small regular words replacing them with * asterisk

    Each asterisk permits another word ** added ** string
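The compression the slide performs by hand, as an added example that is not part of the presentation: "and" is dropped (Google ANDs terms by default), each small word becomes a * wildcard, adjacent wildcards are merged ("this by" becomes "**"), and the word count follows the slide's rule that wildcard tokens are not charged against the 32-word limit. The set of small words is an assumption chosen to reproduce the slide's own phrase; extend it for your own queries.

```python
import string

# Google's word limit as stated in the presentation.
GOOGLE_WORD_LIMIT = 32

# Filler the slide strips: "and" is dropped outright (Google ANDs terms by
# default); the rest are replaced by the * wildcard. The small-word set is an
# assumption chosen to reproduce the slide's example; extend it as needed.
DROP = {"and"}
SMALL = {"a", "an", "the", "to", "be", "by", "can", "this", "of", "in", "is"}

# The slide's own 29-word phrase.
SLIDE_PHRASE = (
    "Hackers and hacker types can increase this by removing small regular words "
    "and replacing them with an asterisk Each asterisk permits another word to be "
    "added to the string"
)


def is_wildcard(token):
    """True for tokens made only of asterisks (*, **, ...)."""
    return token != "" and set(token) <= {"*"}


def count_words(query):
    """Words charged against the limit; per the presentation, * tokens are free."""
    return sum(1 for tok in query.split() if not is_wildcard(tok))


def compress(query):
    """Drop 'and', turn each small word into *, and merge adjacent wildcards
    (so 'this by' becomes '**'), exactly as the slide does by hand."""
    out = []
    for word in query.split():
        key = word.lower().strip(string.punctuation)
        if key in DROP:
            continue
        if key in SMALL:
            if out and is_wildcard(out[-1]):
                out[-1] += "*"      # merge with the wildcard just emitted
            else:
                out.append("*")
        else:
            out.append(word)
    return " ".join(out)


def headroom(query):
    """How many more words can be added before hitting the 32-word limit."""
    return GOOGLE_WORD_LIMIT - count_words(query)


if __name__ == "__main__":
    short = compress(SLIDE_PHRASE)
    print(count_words(SLIDE_PHRASE), "words ->", count_words(short), "words")
    print(short)
```

Running it reproduces the slide: 29 words become 19, and the headroom under the limit grows from 3 words to 13.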



File Types

  • At the time of this presentation Google had expanded the number of non-HTML file types it indexes to 12 file formats, all of which can be targeted with the filetype: operator:

  • Adobe Portable Document Format (pdf)

  • Adobe PostScript (ps)

  • Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)

  • Lotus WordPro (lwp)

  • MacWrite (mw)

  • Microsoft Excel (xls)

  • Microsoft PowerPoint (ppt)

  • Microsoft Word (doc)

  • Microsoft Works (wks, wps, wdb)

  • Microsoft Write (wri)

  • Rich Text Format (rtf)

  • Text (ans, txt)



Advanced Operators: The Real Hacker's Tools

Advanced operators are written as operator:value with no space after the colon; with a space, Google treats the operator name as an ordinary search word

  • Cache:

  • Link:

  • Related:

  • Info:

  • Define:

  • Stocks:

  • Site: restricts results to one domain, e.g. training site:www.search.org

  • Allintitle:

  • Intitle:

  • Inurl:

  • Allinurl:

  • Numrange:



Filetype:

  • "admin account info" filetype:log

Let’s look at this site
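The query syntax the operator slides describe, as an added example that is not part of the presentation: a small parser that splits a Google query into phrases, excluded terms, OR and operator:value clauses, and a builder that assembles a well-formed query. The operator names are the ones listed on the slides (plus filetype:); the parser, build_query and the sample queries are my own and assume the syntax as the slides state it, including that an operator name followed by a space is just an ordinary word.

```python
import re
from collections import namedtuple

# Operators listed in the presentation, plus filetype: from its own slide.
# Google reads them as name:value with no space after the colon.
OPERATORS = {
    "cache", "link", "related", "info", "define", "stocks", "site",
    "allintitle", "intitle", "inurl", "allinurl", "numrange", "filetype",
}

# A token is a quoted phrase (optionally prefixed by - and/or operator:) or a
# run of non-space characters.
TOKEN_RE = re.compile(r'-?(?:\w+:)?"[^"]*"|\S+')

# kind is one of: term | phrase | operator | or
Clause = namedtuple("Clause", "kind value negated")


def parse_query(query):
    """Split a Google query string into clauses.

    - "quoted words" become one phrase clause (exact, ordered match)
    - -token negates the term, phrase or operator that follows the minus
    - name:value with a known name and no space is an operator clause; a bare
      'site:' followed by a space is just a search word (the mistake the
      presentation warns about)
    - OR (upper case) is its own clause; everything else is ANDed by default
    """
    clauses = []
    for tok in TOKEN_RE.findall(query):
        negated = tok.startswith("-") and len(tok) > 1
        body = tok[1:] if negated else tok
        if len(body) >= 2 and body[0] == body[-1] == '"':
            clauses.append(Clause("phrase", body[1:-1], negated))
            continue
        if body == "OR" and not negated:
            clauses.append(Clause("or", None, False))
            continue
        name, sep, value = body.partition(":")
        if sep and value and name.lower() in OPERATORS:
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]          # intitle:"two words"
            clauses.append(Clause("operator", (name.lower(), value), negated))
            continue
        clauses.append(Clause("term", body, negated))
    return clauses


def operator_values(clauses, name):
    """Values given for one operator, ignoring negated (-name:value) uses."""
    return [c.value[1] for c in clauses
            if c.kind == "operator" and c.value[0] == name and not c.negated]


def numrange_bounds(value):
    """numrange:LOW..HIGH -> (LOW, HIGH) as ints."""
    low, sep, high = value.partition("..")
    if not sep:
        raise ValueError("numrange needs LOW..HIGH")
    return int(low), int(high)


def build_query(*, phrase=None, words=(), site=None, filetype=None, exclude=()):
    """Assemble a query the way the operators expect it: phrase quoted,
    operators written name:value without a space, exclusions with a leading -."""
    parts = []
    if phrase:
        parts.append('"%s"' % phrase)
    parts.extend(words)
    if site:
        parts.append("site:" + site)
    if filetype:
        parts.append("filetype:" + filetype)
    parts.extend("-" + w for w in exclude)
    return " ".join(parts)


if __name__ == "__main__":
    for q in ('"admin account info" filetype:log',
              "training site:www.search.org",
              "training site: www.search.org"):
        print(q, "->", parse_query(q))
```

Feeding it the slide's own dork shows why the colon rule matters: `training site:www.search.org` yields a site operator, while `training site: www.search.org` yields three plain words and no site restriction at all.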



Clicking on the Link Reveals

  • OOPS page not found

WRONG!!!!!!



Finding the Page through Google Cache

  • Clicking on the “Cached” reveals the page in its original form

Difficult username to guess….. ADMIN

Password is more difficult but was easy to find



Inurl:/admin/login

  • If someone can obtain administrator login privileges what can they do?



You Found this on Google

  • Enter a range of numbers, e.g.

  • Numrange:4568000000000000..4568999999999999 (every 16-digit number beginning 4568, the shape of a card number)

  • The results can be astounding



Prevention

  • Do not permit sensitive data on your website, even temporarily: once a spider has seen it, the cached copy stays searchable after the file is removed

  • Proactively check your web presence with Google on a regular schedule

  • Assign someone to conduct these checks, not the web developer

  • Have this person become familiar with the website at

    www.johnny.ihackstuff.com (don’t forget the dot; you have been warned)



Prevention Continued

  • Site:<enter your site here>, combined with the operators above (filetype:, inurl:, intitle:), shows what Google already holds about your own domain
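The first prevention rule, "do not permit sensitive data on your website even temporarily", is easiest to enforce before a file is ever published. The following is an added example, not the presentation's own tooling: it walks a document root and flags files whose extension is one of the formats the slides list as indexed (plus .log, which the slide's "admin account info" filetype:log dork shows is searchable) or whose name suggests the kinds of data the presentation found exposed. The name pattern and the sample directory tree are assumptions constructed for the run.

```python
import os
import re
import tempfile

# Non-HTML formats the presentation lists as indexed by Google, by extension.
# "log" is not among the twelve but the slide's own filetype:log dork shows it
# is searchable, so it is included here.
INDEXED_EXTENSIONS = {
    "pdf", "ps", "wk1", "wk2", "wk3", "wk4", "wk5", "wki", "wks", "wku",
    "lwp", "mw", "xls", "ppt", "doc", "wps", "wdb", "wri", "rtf", "ans", "txt",
    "log",
}

# Name fragments drawn from the data classes the presentation saw exposed
# (passwords, admin accounts, card details, personnel files, police reports).
# The pattern is an assumption; tune it to your own naming conventions.
SENSITIVE_NAME = re.compile(
    r"passw|admin|account|credit|card|personnel|police|report|backup|\.bak$",
    re.IGNORECASE,
)


def scan_webroot(root):
    """Walk a document root and return {relative_path: [reasons]} for every
    file a crawler could index and that looks like it holds sensitive data."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            reasons = []
            if ext in INDEXED_EXTENSIONS:
                reasons.append("indexable document (%s)" % ext)
            if SENSITIVE_NAME.search(name):
                reasons.append("sensitive filename")
            if reasons:
                findings[rel] = reasons
    return findings


def make_sample_webroot():
    """Constructed sample tree (not from the presentation) for a dry run."""
    root = tempfile.mkdtemp(prefix="webroot-")
    sample = {
        "index.html": "<html>public</html>",
        "docs/brochure.pdf": "%PDF-1.4 marketing",
        "private/passwords.xls": "user,password",
        "logs/admin-access.log": "admin login ok",
        "img/logo.png": "PNG",
    }
    for rel, content in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for path, why in sorted(scan_webroot(make_sample_webroot()).items()):
        print("%-28s %s" % (path, "; ".join(why)))
```

Point it at the real document root (or run it as a pre-deploy check in the publishing pipeline) and review every hit; a public brochure PDF is fine, a spreadsheet named passwords.xls under the web root is exactly what the filetype: dorks earlier in the presentation find.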



Site Digger www.foundstone.com

  • Free Software

  • Not for the faint of heart



Contact Information

Keith I. Daniels

Computer Training Specialist

SEARCH Group Inc

7311 Greenhaven Drive

Sacramento

California 95831

[email protected]

916-392-2550 ext 254

