Google Hacking against Privacy
Emin İslam Tatlı
Department of Computer Science, University of Mannheim (on leave to the University of Weimar)
Fidis Third International Summer School, Karlstad-Sweden, 6-10 August 2007
Outline
1 Google Hacking
2 Privacy Searches
   Identification Data
   Sensitive Data
   Confidential Data
   Secret Data
3 Countermeasures
4 Future Work
Motivation
Google's index size is over 20 billion entries
try to search -"fgkdfgjisdfgjsiod"
Hackers use Google to search for vulnerabilities
called Google Hacking
vulnerable servers, files and applications, files containing usernames-passwords, sensitive directories, online devices, etc.
Google Hacking Database [1] ⇒ 1423 entries in 14 groups (by July 2007)
What about Private Data?
In this talk, we find a lot of private data with Google
Advanced Search Parameters
[all]inurl
[all]intext
[all]intitle
site
ext, filetype
symbols: - . * |
Privacy Countermeasures I
User-self protection
Do not make sensitive data (documents containing your address or phone numbers, backup directories, secret data like passwords, private emails, etc.) accessible online to the public.
Provide only the required amount of personal information to wiki-like systems.
Use more pseudonyms on the Internet.
In forum postings and group mails, try to stay anonymous for certain email contents.
Do not let private media get shared over Web 2.0 services.
Activate authentication mechanisms for your online devices.
Privacy Countermeasures II
System-wide protection
Use automatic tools to check your system (e.g. gooscan, sitedigger, goolink)
Use the Robot Exclusion Standard (robots.txt)
Be aware of database backups containing usernames and passwords
Install and manage Google Honeypot [2]
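
An added example (not from the talk or from any tool it names) for the robots.txt item above: it uses Python's urllib.robotparser to report which sensitive paths a crawler may still fetch, and which paths the file itself discloses. The robots.txt content and the path list are constructed samples.

```python
# Added example: audit which sensitive paths robots.txt keeps away from crawlers.
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt (not from the talk).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /backup/
Disallow: /admin/

User-agent: Googlebot
Disallow: /backup/
"""

# Constructed list of paths the site owner considers sensitive.
SENSITIVE_PATHS = ["/backup/db.sql", "/admin/users.html", "/mail/archive/2007.mbox"]


def audit(robots_txt, paths, agents=("Googlebot", "*")):
    """Return {agent: [sensitive paths that agent is still allowed to crawl]}."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {a: [p for p in paths if parser.can_fetch(a, p)] for a in agents}


def disclosed_paths(robots_txt):
    """Disallow values are world-readable: list what robots.txt reveals."""
    out = set()
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            out.add(value.strip())
    return sorted(out)


if __name__ == "__main__":
    # A group naming Googlebot replaces the "*" group for that crawler,
    # so /admin/ is not excluded for Googlebot in this sample.
    for agent, exposed in audit(SAMPLE_ROBOTS, SENSITIVE_PATHS).items():
        print(f"{agent}: crawlable sensitive paths -> {exposed}")
    print("paths disclosed by robots.txt:", disclosed_paths(SAMPLE_ROBOTS))
```

robots.txt only asks well-behaved crawlers to stay away and is itself publicly readable, so anything it lists still needs authentication or removal from the public web root.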
Sitedigger [4]
free from the Foundstone company
supports both GHD and Foundstone’s own hacking database
for a given host, all entries in the database are queried
Future Work
We are implementing a tool for automatic searches of private data via Google
Conclusion
Search engines index our private data and make it public
User privacy is in danger
We need to take the required privacy countermeasures and protect our privacy
References
[1] Google Hacking Database. http://johnny.ihackstuff.com
[2] Google Hack Honeypot Project. http://ghh.sourceforge.net