All the latest UK technology news, reviews and analysis
|
|
|
27 Nov 2001
Internet users have become concerned that search engines may now be a hacker's best friend following the introduction of a 'file format' search option by Google.
Launched almost a month ago, the option allows users to search for specific file types, namely Word, Excel, PowerPoint, PDF, Postscript and Rich Text Format.
But a number of web reports and mailing list discussions have speculated recently that such options will help hackers track down sensitive files located on internet facing servers.
One such posting on a security newsgroup claimed that searching using the string 'Index of / +banques +filetype:xls' eventually turned up sensitive Excel spreadsheets from French banks. The same technique could also be used to find password files.
But Mark Read, network security analyst at MIS, said the concept was nothing new and that it has been possible to engineer search engines to look for such files for years.
"The sites that would come back in the results from such responses obviously don't care about security in the first place," he told vnunet.com. "In order for these pages to be indexed in the first place, the search engine spider needs to be able to find them, which it does through a link on a previous page."
"If somebody has hyperlinked to these pages/files, or somebody has allowed a directory to be listed therefore leaving a directory listing for a spider to follow, then they are just sending out an open invite," he added.
Google's own stance is that the search engine is indexing publicly available information which the company defines as "anything placed on the public internet and not blocked to search engines in any way".
Read said: "At the end of the day, though, if you're going to have sensitive info and unprotected admin scripts on your web root, relying purely on the 'nobody will ever find them' attitude, then you really should consider looking for another job not involving computers.
"A lot of people are starting to take security seriously, but there's still a lot of common sense security mistakes being made by some fairly large key players out there."
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
We have been given the privilege of recruiting for a...
My client is a proprietary, electronic trading firm and...
Our client is looking for a Senior Project Manager (Telecoms...
Business Analysts are being sought by my leading financial...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
stupid
so dont store user-sensetive files containing passwords or other personal stuff - on webservers and ftp servers, where they shouldnt be in the first place. if the data is on internet web-servers in the first place (google dont list plain computers w/o web interface server) - then its already vulnerable to hackers weither google alows you to search for it or not.
Posted by: Mathias Frendin 01 Mar 2006