Vulnerability by insecurity
Presentation Transcript

Vulnerability by Insecurity

Presented by Keith I. Daniels (SEARCH)


Google Reveals Hidden Insecurities

  • Personnel Details

  • Account information

  • Credit card details

  • Password files

  • Detailed police reports


Who Watches the Web Designer

  • By default, Web Designers tend to have the ultimate control over web page content

  • Few people in an organization know more about web page design than the designer

  • Executives tend to assume and expect that only data viewable on the main page or intended links is viewable by the general public


Everyone Googles, But Do They Understand It?

  • To understand Google is to understand security and insecurity

  • To the general user, Google is just a box into which we put words; the result is thousands or millions of hits that can be clicked on and viewed. To most people this is sufficient


How Google and Search Engines Work

  • Google utilizes spiders (crawlers) to scour the Internet

  • The spiders report back to Google's database, which caches all of the pages they find


Each Word Searches Individually and in Combination With Each of the Other Words

[Diagram: three overlapping circles labelled Word 1, Word 2 and Word 3, showing each word searched alone and in combination with the others]


Boolean Searches Enhance Results

  • Used for general searches

  • Boolean searching techniques can also be used

  • “And” is Google's default Boolean operator

  • “”

  • +

  • Or

  • - (minus)

  • Not


Utilizing the Quotes “” Comparison

  • Identical searches run out of quotes and in quotes:

    Without quotes: 5,890,000 hits

    With quotes: 24 hits


The Rule of 32

  • By default, Google permits a maximum of 32 words in a search string

  • Hackers and hacker types can increase this by removing small, regular words and replacing them with an asterisk (*)

  • Each asterisk permits another word to be added to the string

  • This permits the enquiring minds of the hackers to utilize scripts that have been pre-programmed


The Phrase Below Would Look Like This

  • Hackers and hacker types can increase this by removing small regular words and replacing them with an asterisk

    Each asterisk permits another word to be added to the string

    With “and” removed as well, 29 words become 19. Now the string can have 10 more words added to it

  • Hackers hacker types *increase ** removing small regular words replacing them with * asterisk

    Each asterisk permits another word ** added ** string


File Types

  • Google has expanded the number of non-HTML file types searched to 12 file formats

  • Adobe Portable Document Format (pdf)

  • Adobe PostScript (ps)

  • Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)

  • Lotus WordPro (lwp)

  • MacWrite (mw)

  • Microsoft Excel (xls)

  • Microsoft PowerPoint (ppt)

  • Microsoft Word (doc)

  • Microsoft Works (wks, wps, wdb)

  • Microsoft Write (wri)

  • Rich Text Format (rtf)

  • Text (ans, txt)


Advanced Operators: The Real Hacker's Tools

Advanced operators require no space after the colon (:)

  • Cache:

  • Link:

  • Related:

  • Info:

  • Define:

  • Stocks:

  • Site: e.g. training site:www.search.org

  • Allintitle:

  • Intitle:

  • Inurl:

  • Allinurl:

  • Numrange:


Filetype:

  • "admin account info" filetype:log

Let’s look at this site


Clicking on the Link Reveals

  • OOPS page not found

WRONG!!!!!!


Finding the Page through Google Cache

  • Clicking on the “Cached” reveals the page in its original form

Difficult username to guess….. ADMIN

Password is more difficult but was easy to find


Inurl:/admin/login

  • If someone can obtain administrator login privileges what can they do?


You Found this on Google

  • Enter a range of numbers, e.g.

  • Numrange:4568000000000000..4568999999999999

  • The results can be astounding


Prevention

  • Do not permit sensitive data on your website even temporarily

  • Proactively check your web presence with Google regularly

  • Assign someone to conduct these checks, not the web developer

  • Have this person become familiar with the website at

    www.johnny.ihackstuff.com (don’t forget the dot; you have been warned)


Prevention Continued

  • Site:enter your site here (no space after the colon)
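
As an added example (not part of the deck), the regular check the Prevention slides call for can be started on your own server before a search engine does it for you: the script below walks a web root and flags every file in one of the non-HTML formats the File Types slide lists, every file with an extension the deck's own example turns up (.log), and every file whose name suggests the data categories the deck opens with (account, password, credit card, report). The extra extension list, the name pattern and the sample web root are my assumptions, constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Non-HTML formats the deck's "File Types" slide lists as indexed by Google.
INDEXED_EXTENSIONS = {
    ".pdf", ".ps", ".wk1", ".wk2", ".wk3", ".wk4", ".wk5", ".wki", ".wks",
    ".wku", ".lwp", ".mw", ".xls", ".ppt", ".doc", ".wps", ".wdb", ".wri",
    ".rtf", ".ans", ".txt",
}
# Assumption: extensions that usually hold logs, backups or data exports
# (the deck's own example is filetype:log).
RISKY_EXTENSIONS = {".log", ".bak", ".sql", ".csv", ".old"}
# Assumption: name fragments matching the data categories the deck opens with.
RISKY_NAME_RE = re.compile(r"(passw|admin|account|credit|report|backup)", re.I)


def audit_web_root(root):
    """Return sorted (relative_path, reason) pairs for files an engine could index."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext in RISKY_EXTENSIONS:
            findings.append((rel, "risky extension " + ext))
        elif RISKY_NAME_RE.search(path.name):
            findings.append((rel, "sensitive-looking name"))
        elif ext in INDEXED_EXTENSIONS:
            findings.append((rel, "indexed non-HTML format " + ext))
    return sorted(findings)


def build_sample_root():
    """Constructed sample web root for the demo (not a real site)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = {
        "index.html": "<html>public</html>",
        "docs/brochure.pdf": "%PDF-1.4 public brochure",
        "admin/admin_account_info.log": "user=admin pass=example",
        "reports/police_report_2004.doc": "case notes",
        "img/logo.png": "PNG placeholder",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return root


if __name__ == "__main__":
    for rel_path, reason in audit_web_root(build_sample_root()):
        print(f"{reason:32} {rel_path}")
```

Anything the script flags should be removed from the web root or moved behind authentication, and then re-checked with the site: operator as the next slide describes, since the cached copy can outlive the file.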


Site Digger (www.foundstone.com)

  • Free Software

  • Not for the faint of heart


Contact Information

Keith I. Daniels

Computer Training Specialist

SEARCH Group Inc

7311 Greenhaven Drive

Sacramento

California 95831

Keith.Daniels@search.org

916-392-2550 ext 254

