Thursday, July 22, 2010

Researchers Will Turn Google And Bing Into Web Bug Warning System

Via Firewall Blog

Before last January's Chinese cyberspying scandal, "Google hacking" meant something rather different. For years, hackers have used the search engine to probe for security vulnerabilities around the Web: Search for certain lines of buggy code, and Google's results turn up hundreds of sites that are ripe for exploits.

Now two researchers hope to revive Google hacking in that original sense, and take it one step further. Rob Ragan and Francis Brown, two researchers at security consulting firm Stach & Liu, plan to debut a new set of tools at the Black Hat conference next week aimed at converting Google and Bing into a sort of automated early warning system for Web hacks around the globe.

They plan to debut "Google Hack Alert" and "Bing Hack Alert," two RSS feeds that will monitor a database of known Web vulnerability search strings and use the two search engines to periodically comb the Internet for those flaws. They're also releasing a set of free applications for iPhone, Android, and Windows that Brown and Ragan call "Google Diggity" and "Bing Diggity." Those apps will allow network administrators to narrow their searches to any domains or IP ranges they'd like, turning the tools into a scanning system for their company's Web-based vulnerabilities. Bug searches will be cached, so that users can check for the presence of flaws historically, too.


"It's impractical to ask people to run a manual Google hacking search [as a defensive measure on their own network] on some kind of regular basis," says Ragan. "But if you're running Google Hack alerts and it finds something relevant, that's the best defense mechanism to know that there's sensitive information potentially leaking from your site."
