Hackers have released a new web auditing tool, known as Goolag Scanner, which uses Google's search engine to scour the Web for passwords and security holes.
The scanner was released by the Cult of the Dead Cow (cDc), the self-proclaimed "world's most attractive hacker group," which gained notoriety ten years ago by creating the Back Orifice software, which allowed hackers to remotely control a computer running Windows.
While PC World reports that this will make hacking easier for novices, it will also let Web site owners run the scanner, discover their vulnerabilities, and patch them before a hacker takes advantage of them.
"It's no big secret that the Web is the platform," said cDc spokesmodel Oxblood Ruffin. "And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for web site owners to patch up their online properties. We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large web site, I'd be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious."
According to InformationWeek, Ruffin revealed 11 government Web sites that had major security holes, "including satellite access codes, credentials for VPNs and routers, and open proxies," but asked the Web site not to publish them so as not to embarrass government officials or entice hackers to attack these vulnerabilities. Ruffin said the Department of Homeland Security had been notified of these flaws weeks ago, but it did not respond to InformationWeek's requests for comment.
Security experts say hackers have been using Google to poke and prod for vulnerabilities for some time now, although Mark Kraynak, senior director of strategic marketing for data protection company Imperva, told InformationWeek in an e-mail that Goolag Scanner makes it much easier than before.
What it does do, Kraynak said, is allow less-sophisticated attackers to exploit application and data layer vulnerabilities. "This will result in even more application attacks," he said. "This is bad news, since SQL Injection and Cross-Site Scripting already rank among the most common attacks lodged against online applications. ... The bad guys now have automatic weapons, so as a security community we need to upgrade our defense systems for these new threats."