Tuesday, March 25, 2008

Word of the day: Googledorks

Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9064238

A hacker group known as The Cult of the Dead Cow (cDc) has released a program called Goolag Scanner which utilizes -- you guessed it -- Google. It is meant for IT workers to scan websites for security holes, but hackers can also use it maliciously to find vulnerabilities and attack them.

Here is the way it works: Goolag Scanner contains about 1,500 search queries that, when run in Google, can reveal website vulnerabilities. These queries are known as Googledorks. By using the program, you can run automated scans instead of copying each query into Google individually and searching.

cDc has tested the program on many government websites and found some pretty bad security holes. It just goes to show you how insecure the Internet really is; even the government can't guarantee data security.

Is Goolag Scanner ethical? cDc claims it is, saying, "What we're trying to do is two things: 1) to provide a very easy and legitimate tool for security professionals to test their own Web sites for vulnerabilities, and 2) to raise awareness about Web security in and of itself." Sure, it sounds good on paper (or in this case, the monitor), but even they admit that Goolag Scanner will undoubtedly be used in harmful ways too.

What's done is done, however; the tool is out there and available to the general public. The best thing for website owners to do is use the tool on their own websites to locate any insecure data before the hackers do.
