Slashdot Mirror


Googling Your Way Into Hacking

knifee writes "New Scientist is running an article explaining how hackers can use Google's cache to quickly hunt down sensitive pages, for example, by searching the terms "bash history", "temporary" and "password". Might be worth looking at this tutorial about robots.txt if you think you might be at risk." That's pretty amusing.

11 of 431 comments

  1. use deflection in mod_rewrite to keep crawlers out by stonebeat.org · · Score: 3, Informative

    It is always a good idea to keep the robots out of anywhere there is sensitive information. I use several methods for added security. robots.txt is a good way, but I also use the deflection technique in Apache's mod_rewrite to keep the crawlers out.

  2. My favorite... by inertia187 · · Score: 5, Informative
    My favorite Google search phrase is:
    "Index of" "Name Last modified Size Description"
    Then you add file extensions or other things. For example: Anyway, as you can see, it's pretty effective. Sometimes admins wise up, and all you have is the Google cache. But sometimes they don't, and you get to look. Thanks Google!
    --
    A programmer is a machine for converting coffee into code.
  3. Re:This happens because of dumb admins, not google by dan14807 · · Score: 5, Informative

    > The first thing I do when I log onto a box is link bash_history to /dev/null

    unset HISTFILE

  4. Re:My favorite... Searchlores by sICE · · Score: 3, Informative

    If you like this kind of trick you can find dozens of tricks like those and better on Fravia's web site SearchLores.

  5. A little bit OT by edmz · · Score: 3, Informative

    Not the same kind of "hacks", but more than one might have missed that O'Reilly recently published Google Hacks. Mostly targeted to webmasters or "power users".

  6. Re:This happens because of dumb admins, not google by SeanAhern · · Score: 4, Informative

    ln -s ~/.bash_history /dev/random

    Whoops!

    You meant: ln -s /dev/random ~/.bash_history

  7. Google Hacking Tutorial by hohokus · · Score: 3, Informative
    While randomly googling for "index of" and ".bash_history", I found this, which may be amusing:

    http://www.smart-dev.com/texts/google.txt

  8. Re:robots.txt by UncleOlethros · · Score: 3, Informative
    According to my experience with my webservers, Google will request robots.txt frequently as it spiders a site. And yes, they do remove pages from their cache based not only on new robots.txt entries but also on new META tags in individual pages.

    If you can't wait until the next time Google crawls your site to have your information removed, you can always use Google's Automatic URL Removal System. Details are available here.

    A few months back I updated all of my web pages to include the NOARCHIVE META tag. I then submitted my site to Google's Removal System and within three days Google had crawled everything and updated their database. The result was that my pages were still searchable, they just weren't cached.

    As you noted, though, there are plenty of robots that do not obey robots.txt. Google may be conscientious, but others are not.
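An added example, not part of any comment in this thread: a Python check of which paths a compliant crawler such as Googlebot would skip because of robots.txt, and which crawlable pages carry the NOARCHIVE META tag described in the comment above. The robots.txt content, paths, HTML and status labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots"|"googlebot" content="...">."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def audit(robots_txt, pages, agent="Googlebot"):
    """Map each path to 'disallowed', 'not-indexed', 'no-cached-copy' or 'indexed-and-cached'.

    Both controls only bind crawlers that choose to obey them.
    """
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    result = {}
    for path, html in pages.items():
        if not rp.can_fetch(agent, path):
            result[path] = "disallowed"          # crawler never requests the page
            continue
        meta = RobotsMeta()
        meta.feed(html)
        if meta.directives & {"noindex", "none"}:
            result[path] = "not-indexed"
        elif "noarchive" in meta.directives:
            result[path] = "no-cached-copy"      # searchable, but no cache link
        else:
            result[path] = "indexed-and-cached"  # review: should this be public?
    return result


# Constructed sample site
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /private/\nDisallow: /tmp/\n"
SAMPLE_PAGES = {
    "/private/notes.html": "<html><body>internal</body></html>",
    "/reports/q3.html": '<html><head><META NAME="ROBOTS" CONTENT="NOARCHIVE"></head></html>',
    "/backup/index.html": "<html><title>Index of /backup</title></html>",
}

if __name__ == "__main__":
    for path, status in audit(SAMPLE_ROBOTS, SAMPLE_PAGES).items():
        print(f"{status:20} {path}")
```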

  9. Re:Oops by clary · · Score: 3, Informative

    Nope...doesn't pass the LUHN check. See LUHN Check.

    --

    "Rub her feet." -- L.L.

  10. Re:Entrapment by PenguiN42 · · Score: 3, Informative

    Also, entrapment is only illegal if the law officers used fraud or undue persuasion to cause someone to commit a crime -- so much so, that an ordinarily law-abiding person would be compelled to commit the crime.

    Cops can tempt criminals to commit crimes, and even initiate or plan out the criminal act (ie, buying or selling drugs, offering or buying prostitution, planning a bank robbery heist). None of this is entrapment, unless their actions would have caused a normally law-abiding person to commit the crime.

    If a cop tricks someone into unintentionally breaking the law, or harasses them so much that they eventually cave in and break the law, or threatens them, etc, it may be entrapment. It's actually pretty subjective and up to the jury, usually.

    But a lot of misconceptions of entrapment abound -- ie the ever-popular, "if you ask them if they're a cop, and they say no, then it's entrapment." And also the misconception that entrapment is a crime and can apply to non-law-enforcement. It's not a crime, it's a defense against being charged with a crime. (Well, unless you perform a crime while trying to get someone to perform a crime -- that's still a crime)

    For a somewhat inflammatory discussion, see this: http://www.libertyhaven.com/politicsandcurrentevents/nationalbudgetsdefecitsorspending/lawdeceit.html

    I had a more objective look at it, written by a lawyer, but I can't find it.

    sorry if this is off-topic.

    --
    The following sentence is true. The preceding sentence was false.