Vulnerability by Insecurity - PowerPoint PPT Presentation
PowerPoint Slideshow about 'Vulnerability by Insecurity' - aquarius
Presentation Transcript
Vulnerability by Insecurity

Presented by Keith I. Daniels (SEARCH)

Google Reveals Hidden Insecurities
  • Personnel Details
  • Account information
  • Credit card details
  • Password files
  • Detailed police reports
Who Watches the Web Designer
  • By default, Web Designers tend to have the ultimate control over web page content
  • Few people in an organization know more about web page design than the designer
  • Executives tend to assume and expect that only data viewable on the main page or intended links is viewable by the general public
Everyone Googles, But Do They Understand It?
  • To understand Google is to understand security and insecurity
  • To the general user, Google is just a box into which we put words, producing thousands or millions of hits that can be clicked on and viewed. For most people this is sufficient
How Google and Search Engines Work
  • Google utilizes spiders (crawlers) to scour the Internet
  • They report back to the database and cache all of the pages that they find
Each Word Searches Individually and in Combination With Each of the Other Words

[Diagram: three overlapping circles labelled Word 1, Word 2 and Word 3, showing the individual and combined search regions]

Boolean Searches Enhance Results
  • Used for general searches
  • Also use Boolean searching techniques
  • “And” is the default Boolean operator in Google
  • “” (quotes)
  • +
  • Or
  • - (minus)
  • Not
Utilizing the Quotes “” Comparison
  • Identical searches in and out of quotes: 5,890,000 hits without quotes, 24 hits with quotes

The Rule of 32
  • By default, Google permits a maximum of 32 words in a search string
  • Hackers and hacker types can increase this by removing small regular words and replacing them with an asterisk *
  • Each asterisk permits another word to be added to the string
  • This permits the enquiring minds of the hackers to utilize scripts that have been pre-programmed
The Phrase Below Would Look Like This
  • Hackers and hacker types can increase this by removing small regular words and replacing them with an asterisk

Each asterisk permits another word to be added to the string

With “and” also removed, 29 words become 19. Now the string can have 10 more words added to it

  • Hackers hacker types *increase ** removing small regular words replacing them with * asterisk

Each asterisk permits another word ** added ** string

File Types
  • Google has expanded the number of non-HTML file types searched to 12 file formats
  • Adobe Portable Document Format (pdf)
  • Adobe PostScript (ps)
  • Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  • Lotus WordPro (lwp)
  • MacWrite (mw)
  • Microsoft Excel (xls)
  • Microsoft PowerPoint (ppt)
  • Microsoft Word (doc)
  • Microsoft Works (wks, wps, wdb)
  • Microsoft Write (wri)
  • Rich Text Format (rtf)
  • Text (ans, txt)
Advanced Operators: The Real Hackers' Tools

Advanced operators take no space after the colon (:)

  • Cache:
  • Link:
  • Related:
  • Info:
  • Define:
  • Stocks:
  • Site: e.g. training site:www.search.org
  • Allintitle:
  • Intitle:
  • Inurl:
  • Allinurl:
  • Numrange:
Filetype:
  • "admin account info" filetype:log

Let’s look at this site

Clicking on the Link Reveals
  • OOPS, page not found

WRONG!!!!!!

Finding the Page through Google Cache
  • Clicking on the “Cached” reveals the page in its original form

Difficult username to guess….. ADMIN

Password is more difficult but was easy to find

Inurl:/admin/login
  • If someone can obtain administrator login privileges what can they do?
You Found this on Google
  • Enter a range of numbers i.e.
  • Numrange:4568000000000000..4568999999999999
  • The results can be astounding
Prevention
  • Do not permit sensitive data on your website, even temporarily
  • Proactively check your web presence with Google regularly
  • Assign someone to conduct these checks, not the web developer
  • Have this person become familiar with the website at

www.johnny.ihackstuff.com (don’t forget the dot; you have been warned)

Prevention Continued
  • Site:enter your site here
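The prevention slides tell the organization to check what search engines can see of its web presence. A complementary check can be run on the server side, before a file is ever indexed: scan the web server's access log for search-engine crawlers that successfully fetched the non-HTML file types listed on the File Types slide (plus the .log type used in the filetype:log example) or anything under an admin path. The following is an added example written for this page, not material from the presentation or from SEARCH; the log lines are constructed, and the crawler User-Agent markers and the combined-log regular expression are assumptions about a typical Apache or nginx setup.

```python
import re
from collections import Counter
from posixpath import splitext

# Constructed sample log lines in Apache/nginx "combined" format (not from the slides).
SAMPLE_LOG = """\
66.249.66.1 - - [10/Mar/2024:08:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Mar/2024:08:01:05 +0000] "GET /backup/accounts.xls HTTP/1.1" 200 88210 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Mar/2024:08:01:09 +0000] "GET /logs/admin.log HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Mar/2024:08:01:12 +0000] "GET /admin/login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [10/Mar/2024:08:01:15 +0000] "GET /private/report.doc HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.7 - - [10/Mar/2024:08:02:00 +0000] "GET /backup/accounts.xls HTTP/1.1" 200 88210 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"
"""

# Non-HTML formats the File Types slide lists as indexed, plus "log" from the filetype:log slide.
SENSITIVE_EXTENSIONS = {
    "pdf", "ps", "wk1", "wk2", "wk3", "wk4", "wk5", "wki", "wks", "wku",
    "lwp", "mw", "xls", "ppt", "doc", "wps", "wdb", "wri", "rtf", "ans", "txt", "log",
}

# Assumed User-Agent substrings of the major search-engine crawlers.
CRAWLER_MARKERS = ("Googlebot", "bingbot", "Slurp", "DuckDuckBot", "Baiduspider", "YandexBot")

# Paths under /admin should never be reachable by a crawler at all.
ADMIN_PATH_RE = re.compile(r"/admin(/|$)", re.IGNORECASE)

# Combined log format: ip ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_crawler(user_agent):
    """True when the User-Agent names one of the known search-engine crawlers."""
    return any(marker in user_agent for marker in CRAWLER_MARKERS)


def classify(path):
    """Return why a fetched path is a potential exposure, or None if it looks harmless."""
    clean = path.split("?", 1)[0]                 # ignore the query string
    ext = splitext(clean)[1].lstrip(".").lower()
    if ext in SENSITIVE_EXTENSIONS:
        return f"sensitive file type .{ext}"
    if ADMIN_PATH_RE.search(clean):
        return "admin path"
    return None


def find_crawler_exposures(log_text):
    """Return one finding per successful (2xx) crawler fetch of a sensitive path."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue                              # skip malformed or non-combined lines
        status = int(match["status"])
        if not 200 <= status < 300:
            continue                              # only a successful fetch can be indexed and cached
        if not is_crawler(match["ua"]):
            continue
        reason = classify(match["path"])
        if reason:
            findings.append({
                "ip": match["ip"], "time": match["ts"], "path": match["path"],
                "status": status, "reason": reason,
            })
    return findings


def summarize(findings):
    """Count findings by reason so the reviewer sees which category dominates."""
    return Counter(f["reason"] for f in findings)


if __name__ == "__main__":
    results = find_crawler_exposures(SAMPLE_LOG)
    for f in results:
        print(f"{f['time']}  {f['ip']}  {f['path']}  ->  {f['reason']}")
    print(dict(summarize(results)))
```

On the constructed log the script reports the spreadsheet, the log file and the admin login page fetched by Googlebot, but not the HTML page, the report that returned 404 (nothing was served to cache), or the spreadsheet fetched by an ordinary browser. Because the slides show that a cached copy survives even after the file is removed, a hit here means the content should be treated as already disclosed and a cache-removal request filed, not merely that the file should be deleted.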
Site Digger www.foundstone.com
  • Free Software
  • Not for the faint of heart
Contact Information

Keith I. Daniels

Computer Training Specialist

SEARCH Group Inc

7311 Greenhaven Drive

Sacramento

California 95831

[email protected]

916-392-2550 ext 254