Google Hacking -- The Downside of Total Search Engine Visibility

Hackers exploit search engine optimization to reveal website vulnerabilities

Northbrook, IL (24 January 2005) According to two network and Internet security executives, search engines create transparency but also rapidly expose website vulnerabilities. Automated search engine hacking refers to the programmatic use of the search capabilities of Google (or MSN or Yahoo) to discover potential targets for malicious worms and viruses.

“The idea itself isn't new,” said Noam Rathaus, CTO of Beyond Security LTD (www.beyondsecurity.com), based in Israel. “Malicious hackers have been using search engine indexing to find potential targets. White hats have also been using Google's indexing to refine their test scripts and make them less false-positive prone. Worms used to discover potential targets for themselves. This was time consuming and bandwidth consuming for the worms, and made the spreading of the worm slower. In addition, worms can now avoid the need to attack random IP addresses; some of them would be vulnerable, others wouldn't.”

Using a search engine like Google, a worm can now spot potential targets and vulnerabilities quickly (a request to Google takes less than half a second to return) and attack only those with the targeted vulnerability (instead of the rest of the Internet, which cannot be compromised by the worm).

Beyond Security Ltd specializes in developing tools that uncover security holes in servers, expose vulnerabilities in the corporate network, check computer systems for the possibility of hostile external attacks and audit vendor products for security holes. Founded in 1999, the company currently employs 30 employees worldwide. The company's research and development center is located in Israel.

According to Brandon Buhai, COO of Beyond-IP (www.beyond-ip.com) in Northbrook, IL, business owners should realize that Google hacking can't be prevented. “Google hacking exploits the information age's complete visibility,” Buhai said. “If you have a web site, Google will find it and index the content it contains. The information it indexes can be used for "good" or "bad". When customers use Google (or MSN or Yahoo) to find you…that is good. When it is used to discover and exploit vulnerabilities in your website…that is bad.”

Buhai has spoken to business owners who block search engines from indexing certain parts of their website in an attempt to cloak vulnerabilities or maintain “security through obscurity.” They reason that by cloaking message boards and other vulnerable applications from search engines, they effectively protect themselves from Google hacks.

According to Rathaus, this is the wrong approach. “The search engine's goal is to index as much information as possible; this is done with the intention of attracting people to your web site. Optimizations allow you to direct the search engine's indexing mechanism to places it would otherwise be unable to reach. In particular,” said Rathaus, “cloaking your message board's information MIGHT protect you from a Google worm, but it won't protect you from any of the previous or future worms that didn't or don't use Google. In effect, the cloaking will only make your web site less "searchable" (will be found less when looked for by Google), as fewer pages will be indexed, and less content will be associated with your web page (due to the cloaking).”

According to Buhai, “a better and more reasonable approach is to fix specific vulnerabilities instead of trying to hide them. In the case of the recent Google worms (see http://www.securiteam.com/exploits/6B00P20C0S.html for more information) the hole had been identified for some time before the attack was executed.”

With all these things in mind, it is important for website owners to realize that information is out the minute it is published to a web site. It also means a web site’s vulnerabilities are exposed almost as quickly.

Google, or any other search engine, isn't to blame if you become a worm’s target. Rather, business owners should constantly check their web sites for security holes, using readily available and cost-effective automated penetration testing devices.

ABOUT BEYOND-IP

For organizations concerned about regulatory compliance or dissatisfied with the network security audit services provided by their consulting firms, Beyond-IP provides an Automated Vulnerability Management Appliance that provides a higher quality, lower cost network vulnerability assessment and management than any other alternative. The Automated Vulnerability Management Appliance performs a security mapping of your network and simulates attacks originating from either the internal or the external network. Once the security scanning is complete, the software generates a detailed vulnerability report specifying the security breaches, along with practical solutions to fix those vulnerabilities. Beyond-IP’s solutions allow simplified measurement, monitoring and management of vulnerabilities over time. Beyond-IP is the US arm of Beyond Security LTD. To learn more, visit www.beyond-ip.com.

ABOUT BEYOND SECURITY

Beyond Security is a leading provider of security assessment technologies. Beyond Security specializes in developing solutions for network security, providing detection and prevention tools. Solutions include internal network, external network and product security audits. Beyond Security owns and administers the world’s largest independent security portal -- SecuriTeam.com. This portal gives security professionals from around the world critical information on new security threats and vulnerabilities, and it provides background data, fixes, patches and workarounds to identified threats, 24 hours a day, 365 days a year, making it one of the most comprehensive security resources in the world. SecuriTeam currently receives over one million unique page impressions per month from security professionals worldwide and it contains over 6,500 pages of linked. To learn more, visit www.SecuriTeam.com

Contact for Beyond-IP, LLC

Ben Bradley
ben@bwmginc.com
630-221-9844