McAfee's senior vice president for Risk Management George Kurtz demonstrated at a RSA conference in February that there are many interesting things to be found in the Google database.
If you search for sites with "Remote desktop web connection" in the title, you'll find... remote desktops that you can take over: [intitle:"Remote Desktop Web Connection"]
During a series of demonstrations, Kurtz showed how fairly straightforward queries will bring up user names and passwords as well sensitive information such as social security numbers. Just search for [ssn 111111111..999999999 death records].
If you type inurl:robots.txt in Google, you might be able to see the contents of that file and subdirectories that weren't meant to be public. For example, you can find Google MBD.
Read more:
Get sensitive information using Google
Google Hacking Database
March 25, 2006
Subscribe to:
Post Comments (Atom)
Most remote desktop systems come with multiple security layers, but it seems possible, and even probable that Google would be able to tell hackers where vulnerable PCs can be found.
ReplyDelete