|
|
|
Tool Helps Companies Spot Their Leaks
By: Dennis Fisher
2005-01-10
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
A Mcafee division will unveil a tool designed to help enterprises use Google to discover sensitive company information that might have leaked onto the Internet.Mcafee Inc.s Foundstone professional services group this week will unveil a sophisticated tool designed to help enterprises use Google to discover any sensitive information about the company that might have leaked onto the Internet.
The tool, called SiteDigger 2.0, is an upgrade to a utility program written by Foundstone consultants before McAfee acquired the company last year. SiteDigger takes advantage of the massive amounts of data that Google Inc. has indexed and categorized and lets users uncover any confidential or potentially damaging information thats on the Internet.
SiteDigger contains hundreds of signatures that it uses to identify information-exposure vulnerabilities in several categories. After downloading the free tool, users specify their domain or subdomain and then select a search category: privacy, backup files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities or technology profile. The results can then be exported and viewed in a tabular format.
The tool is a distant cousin of other techniques used by crackers, known as "Google hacking." These techniques generally include using the public Google site to search for things such as Web-server log-in pages that are exposed to the Internet, public-facing applications with default configurations and other common vulnerabilities. It has become common practice among crackers to use Google as the first step in finding vulnerable target servers.
 Click here to read an eWEEK Labs review of SiteDigger 1.0.
Google hacking has been used for some time, but the technique began gaining attention last July, following hacker Johnny Longs presentation at the Black Hat conference in Las Vegas. Long showed various techniques for using Google to identify vulnerable servers and to find passwords, user names and other sensitive information. Long, the co-author of a book on Google hacking, maintains a database containing hundreds of entries showing results of various Google searches. The results can be astounding, as in the entries showing servers that return error messages containing users passwords. SiteDigger uses Longs Google Hacking Database as the basis for its searches.
But SiteDigger is aimed squarely at the enterprise market and even has the blessing of Google itself, which granted McAfee a special license to access the sites Web services API for deeper and more accurate searches.
"The Google engineers thought this was an elegant approach," said Marc Curphey, director of consulting for the Foundstone professional services unit of McAfee, based in Santa Clara, Calif. "Companies are amazed at what we can find with this. It really opens up some eyes when they see the results they get back."
SiteDigger is built on Microsoft Corp.s .Net Framework using C# and SOAP (Simple Object Access Protocol), and the new version has an updated user interface. Users can download the tool for free from McAfees Web site.
Dig It
SiteDigger 2.0 features
Finds sensitive data on Google in seven categories
Offers more than 900 signatures
Includes improved GUI
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}is㶲*�Qމg5ER%uƶ|,LU(��S$CR^wr�_7�nZhdrLb["�
F;�vv IM˙sל۔\s�Pç��v$5wv]2i*
d&��@�jہ��)�}mk4
�uB��;�;#|6S%߽w *s=NN5��KԚLÆ|g&$Ʈl
d��kdp��,c�w5h{=D@�~5[��6m��(GL��Ż?�K���E!wO�C�շ8>vP
ߩ�U�aÙO,}!*{�|@J%h���1Qu�͟Q�adw^x/4�;U'i�?��7Sա*v�25vk>6^:�6
�FȅC�z$nRv'nWoR 2�5I2�Z@[��,�HGmfCc`pmׇɩV�Tq3c}f�ݷt{�#�Էƀ:S��S�C3Mu��N_CԿ(ҀK�8Q+<m�i_?_r\w/ڽ>9]vSGR}Bg#j`BcYqeUo~��vO|�g6~�l
M���u�ô�W+Z�vxC!u{L
,_e=h��!�_w��nr@
i/�]"�{�,Y`M��`�ImdƱ�(|Ǻ�r�N��d9AcE'}6kiJu�V�!`FC�mn6
@̀ki��fk�PX��TA5@�N)��51r��vf��M)i�K3_^*�-ͿE7h+bԜөɛ!"ƈOn�9x�|!XsI��((�G��&�μlO�yx>jY[6'jdamIiS_dxe�ޡ:I5xieO~�*WI����F��nZ`3qM}sQU�1W*P\?,Ëʾ��b�(7ZdL��,��1,{Lt�p6� 0h��v?3�Ϩig8�9y��tD�AG61^�zK
ucj���>; ä��wX�8}Zs�O6�/|�Ta���^탉�I$�>6�Z\?`�
V�CfB떂9�;�erk�m͠A�(oEH��X^0��G`^@4�8`�88ʼ��E�]uCbB�=���woouG
&��SsnPB=x?�+1
��-@>H@Bt�"BђF�� �4� � g�#X"K"'G�@@7gw$]Vi+Raz"�ʦ�B�Ig�}vn +=*%�nqR%e 3��ʬ$&vϏaZLbo��7�]�,�Slo3-M�uc�{\V�5mZO4Mǖa��G�n]ּGs6I�`آwB?f! q WQ�e@s�'{<����7,kR���m�A
9g)��Eu�5>��TfB7g��ƩeLI|��EpL�2�j�Խæ�Xguϳ-j�{�TN`cܐ^�h;Ͱ&QUN?>{BO,\n�aDHդ�:ϧ�HڶMS�}77�Bs݈C/�2$\^&VAB1
6d:�l';oWfn2>�=MO5�X�ScXM`Dn�zb8ug�m/n1`�V|�\v��\g˺z+fYX]۽/ 7JeO]օV�P+=�
�rL%���kZԕ1�%/�E�$$"Y
`}.E�O�␘ 0�Z�m7D=t�=Ơ�nP
jrIj�S#�0�W4E%J,Y�vn������(��)z?r�/�XS�=h�M>w�!Smϐ|pR9��s?�R.C4
�$)̕>E߰�XXԺ0 0q�ڠ@XĞ�<�TWաk?t�G�譨Cd�=�1щf*3�a2�[6�T�,a�79y��y
�'jE)j4'�`�/#Y%�/�m0ܱk]>fD�uD(-CZ!3���O�7uX8F_͆OCBM��&Hyq8TU��&q�
sWyGZa0O=y:kR^K?�aYj�s�1*(S,i��0ȡ;��S�u`ћz?_�3ch9g䳲?ה��
`3�txKG��UXY8�f�-��1_0kY
��/k ,5
ܧ�i
~>CV�6őGG@֝���늦�?�+�+ܞ?�F���+ E{h�⢉!H;+�E��&pӚn�7�ހ�l�iF��-@�2x6�p~iy�@"Os�l8p��af4X[�ȟ%}vW�C7g)jf��#RL@
`��
9v}W(b(kÍ'ZAiM|ٜ�o!zUqʀWIe��Ǧ�24�,ZdǗW\�JW>�7ΣO!�plsHNP�͕�G�X�)Qljy
@Aūk!@j3e+4ct���Y���?O�i_0:Lc�h
z47DZ.������q�iv?)�jⲏq��t~j]|ťTj��W�PUWt�<,#?�3q:Fo�靦eM+t׀mkZpw\(2M�#k��F!)Wje�>eae�O.��lWJ_�0]P���X9H(P+ Yt>Gɷ0�6njK�<8��+Aנn)ɑ$ |ï*ͤ�D@7wZTe�&3w991u?|{~qwo�z}Օݷ K�
L��$T��)C�h/nL10:O6i�O(JQ?v��ړ@:iw>�1���?�N��[n‷�vO�Qa^wԸ:@C�~�ο�HNj=oy,/L�dz�NR(��!�1>bt߫]=-co/[vtauN�Q��嵀�^9
�s�u{!d};]h{ёҽN
z's5B� Y�AV�#�=gUti)q�f�m2XC<2u\8$��ST8 m̀@H�c];WX0vx!|ӱB3ZOUc!)|F
ʢj�k:=?vVuR�2MĔ�yk�.NE i {6-~�
�clw�Q�(Sa��$-zbeۆnKlx0c�RȔ&=�8
z>SB&Դ5˓4-i^�Eqj�i�e�ʒ��~@a' ۡX#�ě�_.6G8
(OMkzisy/P{~%3(:r2iEv�e(5�Au�)�AB|Hy��m1�J�g��+y--E#]}+
iǂa|x"��R̅)�C��x��9 EuX.gTk��+tt��Y؍NjFڰq�;eΫ�>|m���v�,KKN�5!WC1lyRѵl�b�dNƔ��@95~@ϝ�)|i�;�S<6l�M��`�"����(\ ?8~I-#A�ɼ��}g��7o��m�T�=e>d>IАZ�=ty8!�-_ݷ͆ؓ9̆{Jǻoc Ǯv'ۻw�}Zؖ[q*ApMG<3�Ҁ�I1M$�ZQH�**s攤�v�X�Њ�&�b:`@Ɍ7#Gҁ;&-3(��m3F
߸_2{K#�N7K}{�U"F�O�4v�7
]ekw}B%u�J+z9nwZh�p;T�%%դYȁIQ�)"y�6Kh#jv.b;+�&bidO1\C|Syg!,d���a���зF�ؖra��L��d�OC%�7˶˷Fp7�*gcc3/F#xk��O(6-l�@|Pp/�h(0i�ajcZoIqj��ulD[/'Ɏ?7e{cA�|3
e�\1kp௩_Lo,)���B�i{\nEa�Q(^ h�ލ|�"�t�(u�©�KݴC&3ˁUmc\ѹSMmU}yWwށjQc��),$}3>|{���<\|{"U�ynƔ*u�`9��DGqnԙ�2�v<.�|Q6?6_�+b;1F@Lj=:W~�/W�߱X@/�̸c҃n�f$�g^�;l S:vm��"[ܶW�.�c=<+1�';INvwVΚٟ��N=e;cP?ԭKCD��w�
ӧhaEKX+@=I8Xpe6
�ym\W&b
<�vZn
ղr9x'Cq�$ܥea@.X�j�ȆcEكҷIl�D�bc!��:@2jb�Խ�r�͐ׄH��JZ19茷T8NymY첎<��h6dp1;Ox�HӨW�5ӓ��y#��?b[H1AY= L.GXv=Xj03.�HES}4fR
St<@=�Iqe�X
TyaT_�Ï�];0�<�㉳ ˆ�G{�c�>���U!�`m5%mbےCVy/_E*>z�M_IU%6}T0"�2~[`J=ǚtL;�_as<[�b�C�r$�I8=�$�$0I� �L#W*ZݔJF}��@�,�g"��}K:!/P��Uے6Fh��f'�G,LpoTss0,L/Eʥ�1YO9 8R&�8f/ʪĶ|
$%"2ܘ*/Er9cs7t}֥Zt:8�:vϹmJGY�y ]}T:s�\��kj=ϖ�!��VG�
9 /y+��x#�d믂"_�q{�<5_�t)q8�챬%`-Cb�O�,�=mk�05(&4faw1$:Kyh�Vj�k�9Gx{G~NilD�h#ڿolo:b/\;\g��k�MtB܈^WcODKql�Y�}̡lTT2Os̗ۡ�pA_Q`�O�,�q�x">kI{-%0�!Ő|)H�R{1 t9
�[�]Z��TBw;�K=�j-ڒ<*လw.�0[@♦9$����ۍԜP�ۓOG
�[6k{3�>PJp�ѧa S�JWx�?}=�<�,�cnnVoC2xu6,Rtуt3_(/%��*�W�=�\G떍7EL.l88"qS<ҍu�"�cJ�6Fxc#akD� 769_�͗!W^\3#�חS7d[[-'˟�k���|[+�{O4hhCj�o8u/9�Χn��Z4EU@s>ۉз�2B
Ry\_3ϼ�[ ��H��H?�[J5p�%| (�Rbcw6Ck6��+��ѩ~k>Ƴ�E|ˉ$.� 9."�Αkr?�G�S|ߥ��yOAa.\�c�ޖ.F<>gs6Fw fcNsclnRK{0�0Yԙy5.�(c�azDwW'�WH� hRK*J3|6?ͥ;jE:w�sttI]ϦM)QSXOdV�B")HCBjJ=�Ezv7}K;.�d�~dx]gǏ�=/0K6kD�0"s�&p�8DjH؈M�}sG瀩mM��3eHz��x#?�akؕ@��a�=�x�F��Y)�p��4Z`�(Ji!�]0v6n\�i/KsUC{tn�wXWKIܲkـRV�J
5p~;#�7�m乞n]q_��P](��ȷ \/Wse`Ⱥ צK�'Sh�~��d6֦#<^I�I-�ڦ/h
`|F0��
c�l�ӭ8]#y=�&Uֿ忍#+t��)ۼRrwjr�,eOۺ
��؆_�?��MZTˬ�kEQ3
ƹ)�;{7kb,�k�V\KP2UQT�Ko�p@$1J` =E�t�^&]ݽ]|G\[ܺF&?� _�w/K{~i��O�T_ݷ$=XB̫ײd=I˜�� ,�q0�)Zbp6�]}�r�Ecbzt2�6��]�^ﲭR0��͝~Ke�`S9cGi=�2݀W*k+Hm�9Tm.-�g'`�YH鎸:�[2Hcb|�/}~�F?� 3,M?C"��l]�=Mu�*b�m0B~�LuM|z}�#o?n�'Su(,1�N|#�a6� �߉L>�Z�Ytĕ' �2y(�.D�x8�j
ݺ�g{w0{[���$Ŕ][$�wv;"(W�#=��t�_�Wtxyl?]<@X(R��\q1��odEPX�8!K�hXFu~�rmb���}�pDq �v/\zBYm�ӶaUĤ�A�҂�B<�w�ĨW\mwH`�X�W�k�+��#,�/[b֪��Z�"�'"�KI�H ^X0�dh�D]dbɤ8~ p#(YL3^�z4jsq̙Tl�/ZNt]DkcΩхZMWWs.�1�
vtAj-bYA-c�2Ʒ^Z!tOpkBxvP:IU�3H>PSr�uUH*4h 9VHq5&@
�mN�hC��~<�Vz^3!x�Vy
�k�+mLt_8OX_q�=o7ݛ�C57:US�Ñ;7��÷FE�����Hu%m.Mf��'MQJ#gx�ܚp�NBO�.dړG�F^NF<2JE+;o?z�gWl�0q�a-�>(BAdP��O�Z�� @�xl9
sXd7�Mw=;83%҉3$�b�
D�f��0s{EMF^[5X�lD'HWDnJ2\kV*^Dyj g&��?qbS~fb�+KNR��0̊|�Ux[hh�wQfg1q8��Twt� Q+�|G,_[�J�FVM��L6X��@^Q=@!�Kw0�?V_ŌVS\>dFkYFS�O15�q�E
T��Ѝ�B9Ϫ͒;IoP}sY?e=a
�'�2u?|{~�BJ{=Lm~C#hM-ãKÇ|U:�qj|%wE�ܶi��#:�'�b$1E8�:ћWZ-=�Gã�_
�6a^FGZq)G)Ї}o
,ӴiLRO�= n3ϸ��9C�}��
roE�VIv# ,@�3E슍B��c��"�p4;ם�V\tgsG��@F�嵅DG%�/��?�ыgOwjL��� (�]AfM�O_�xtT$l.�3.��g�CL�����WC<
l
� \Z�P4cw�?�0�+{C~b�#:�́
�ZL��;ӂF$Є��GcOs?�3Uϸt:�sx�XҚ�����^C. ,
;ƢK
1-LcW`�x��a9=75�Q](1^|a|u/��#@[?b �6C��;b<1cbH�cX��Q�@ƀ�Ct]\��P�"@H��>S�|�??�!�R)Qw30^�grnp��0"(3[��]ă04]w7qw�6+נ�51��
1/�YG7`C[�5E�Y|ob�p� ?ETnN���L љr����H$`x=9~im6txa~X{S�dG`�!���b�J])IdR�|:TJ\g�ޕa)걪VR)�/?�(^�;Ue"�=Mɕ@*�Z���Șq�/ٷ�@�0>6#`;7C��grһ"-rrǣUr]Y�OHa[+�M|폺Uwzǽ'UbPhX>hbv>4m+L�xte$AN.Z�f)NLk4�W;ˁWβ�}Q�X\m���Ó0?���E_VC�ĸҫceW?fz
[Up
Ϗxu3�_,L!kHw��
��r:fsLz(8j67a\nq���4ħ�Yx@z�B32[E�YN�(S�S~�Wˏ[@�rʑ�ۀv'�ʏח�~Nr�>?BB.4r_7^C9/4?s?Cg�,�>hys��~s{�993>3� �/�1>Ar�ߧ}�}5_�^55u�u$!(oY��NoR�8G9B(^*U�y׀a uqS�9@y�Jˡ*,c/s\-���*sҿw2~62A^�u
CFW\=o /d`cn-:�v�ņ^_�e)b�AR̥-c�C̄[3;�=��*9�݆.۔wH[0`\Yݩ7�xЧ~]�xZLܸ2poQ^"�#�"�@acN,F�Fs�U?f�69x�|fOC�vHu6lﰇ|(O�6Tq<��5RYu8� %�
H-M��׳pNzQ?аsW�32_
NW+
7\xќ�8w&,7P7ma�I�H5ZUj;�"���#�^rAMjJ]N��lժ~\��,)g
�/(�@#غ7M{%}C7":fȳRLq�
�u+�J�!'\B�x'�{�!R2f�dof�2E
aw8a+h;r�I �Y8P&`!��؞.F^G$�&$w�� cҬcť��6�%dή�1v�u̿6гY*p&H#ӄ�YBD˼���hbգ�h9ĉ;e~�O�?g��b�+3�b^:%�3!�Mť{6��Tx| "e*�G�)��(��ep-�c2O-�5U,%O|u��`�|!�R0BRhfNY{?�/�C唠t�o�!^ȇu�T`a\m�8NÊI�8�q�0�&[�/`5qʩ�f\)">�w.42�
§On3 &�`T$4>�t Ccjd1Ck��+#͙P<�b���ՍPKw�o�_um�a?�>V@U}��Ì#�1*�#1HXY/op�tѷkd9HZ�=�I�*4UM$f�ِu�?6aNm�&� smq�o
}c*u b9?���"ㅰx/�ѝkO��8H2Gd!᳤c9"3>��(��"nty9�=�|^[zQؗ�G@1agG�Q5R^vȥIG[=$sDJrE�)ߠ(b/<%���* >=.�X&";�>m�<'6}Ju;Jx5��|�j;;�1�TeΝ[aYѶ��y
S�O~j]�O(#o��珸6x��}�҂ .^pkUvy*3*>`H�A1YDKu!AY�?_�vs[>/R`p <Щ�1T\bգJʶ�E9b�릍
�Ѩi�pKTؖEn��dS^moymOEmY>m�Ѝ5�O1ngNb�k�*�χŀ�{̾1�^f#9uVOed�g)�dr̅�2 !ɴyyU~ҥ�N�.I,g`aQd+$*)�ؐ��W
���k`4bV@��1,F�,�o�ԟ�N*)As�a#�El���[ApV7�.]2�8Lg��3E~2㡺_0�U9um�j ֺW6x�ozc|�[D,5ba:(��=� z�Bk|XK�]s.&tԵa}ar8Lt4Q3|�J�Km)轇�ȝoz�^ɴ�j}�X��Z# *f"��ODNű<<�*IDy�)�V�@��ȟ$�3}E.t�ʢ^@ђ�uzWN��J]tEg0�m\}!l6{n&_1�!�?[e6TRA$7}M1�ec*d_)K�]jq[OE(~
�)#U:M\"�Zi/!zRMC39U�2k��+&|&�R2ֱeRZ`l/Z6w??,��
|
Network Security & Hardware 
