- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
Who’s got an eye on your documents?
By Dan Ilett
Published: 27 September 2004 08:20 BST
Hackers are using search engines to watch what people photocopy.
Using Google hacks - requests typed into the search engine that bring up cached information on networks - hackers are discovering and using login details for networked photocopiers so they can watch what is being copied.
"You don't have to be a genius to do this," said Jason Hart, security director at Whitehat UK. "You can see what people are photocopying on your monitor. You just have to search for online devices on Google."
Google stores billions of web URLs and information sent from web servers. Some web servers, if configured incorrectly or left to default, can accidentally broadcast network information, such as IP addresses, login details and device information. Google, like many other search engines, stores this information, which can be recalled at any time.
"Essentially Google caches everything on the web," said Hart. "By inputting commands into Google you can extract information and use it as a reverse-engineering tool."
Hackers have been using Google hacks for some time - exploiting photocopiers is only a recent example of compromising online devices. Hackers also use the search engine to view logged conversations on the Google computer groups list. In these, techies often share network information, such as logins, and their company domain name when they post their email address with a message.
Hart added: "If you look at a firm's domain you can see all their security questions which means you can see their network infrastructure. [Hackers] wait for people to come along and say: 'I've been put in charge of security but don’t know much. Can you help me?' The hacker helps out and gets their trust until they get the passwords to the firewalls."
Hart advised that security staff should regularly check Google for cached information on their firms' domain names. He said that if using public forums to solve problems, participants should sign in using an anonymous e-address.
"You can ask Google to take certain information off its site," said Hart. "It's always worth taking a look at. It's a simple check, but worthwhile."
Dan Ilett writes for ZDNet UK
Our work at Google also requires ideas from many non-technical fields, and we currently have New Graduate and Intern positions available in online ...
We need engineers to develop the next generation search engine. Software Engineer - C / C++, Java, UNIX / Linux - London, South East The area: ...
Industry experience in search engines, video, mobile, e-mail, telephony, or e-commerce a plus. We are looking for self-motivated individuals to join ...
CIO Agenda 2008
The exclusive silicon.com CIO Agenda 2008 survey looks at the CIO's tech shopping list for the year, examines whether IT budgets are rising or falling and reveals what the pain points are for tech chiefs this year. Find out more in our latest special report.
Staffing Service Coordinates Sales Activities, Utilizes Business Intelligence With...
Maximizing Revenues in Troubled Times: Proven Methods of Extracting Water From a...
Teachers Association Turns to Centralized Data Repository to Improve Member Service
Service Management Companies: Will You Grow With or Outgrow QuickBooks?
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
RSS Feeds
silicon.com Dear silicon.com... XP lives, the femtocell 'truth', BlackBerry bashing… Reader Comments of the Week
Martin Brampton The Brampton Factor: Open source 'brotherhood' closed to co-operation Where's the real sharing?