Slashdot Mirror

← Back to Stories (view on slashdot.org)

The "Google Hack" Honeypot

Posted by CmdrTaco on Thursday August 4, 2005 @08:30AM from the so-many-malicious-robots-hitting-us-every-day dept.

An anonymous reader writes "On the heels of Google Hacking for Penetration Testers, and Johnny Long's talks at Blackhat/Defcon over the weekend, comes the "Google Hack" Honeypot, a honeypot designed to lure in malicious search engine activity. They had a second release of their tools on monday, according to their site."

2 of 108 comments (clear)

Min score:

Reason:

Sort:

Huh? Not all of these... by sH4RD · 2005-08-04 08:38 · Score: 4, Interesting

GHDB Signature #1013 ("SquirrelMail version 1.4.4" inurl:src ext:php)

How is that a problem? Look at their demo page. Whoopdeedoo. Now I can stare at a SquirrelMail login screen. Still haven't gotten access to much of anything that I'm not supposed to. Heck, there are plenty of websites offering e-mail through SquirrelMail. Whatever...

--
WASTE - The Secure P2P
OK, I'll admit my density. by idontgno · 2005-08-04 08:46 · Score: 2, Interesting

What am I missing here? A honeypot attracts would-be attackers with a false target to allow them to try their every wile against the honeypot while the pot's admins record every move.
How do you honeypot Google? I'm fairly sure the nice folks at GoogleCorp aren't going to let you stick your honeypot in the way of the real thing. If the hacks in question are just malicious queries, how do you get the 1334 hax0rs to use your oh-so-attractive honeypot when every schmoe can type "www.google.com" into their attack script?
Where's the flaw in my thinking? If you're not honeypotting the search, what's left?

--
Welcome to the Panopticon. Used to be a prison, now it's your home.