How to search Google for your next hacking victim

Have a look at what's in your URL and SEO.xml; you might be offering hackers the key to your site

By  

This morning I posted a piece about an Australian security guy who found an unencrypted list of 300,000 customers of Groupon stored on the server of its Indian subsidiary SoSosta. He was searching for data for a site that checks to see if your email accounts have been compromised by searching Google for SQL database files that were accessible online and had keywords like "password" and "gmail."

If he can do it, so can whoever would like to get into your site.

McAleavey offers a few tips and pointers to more detailed warnings and configuration guides.

His biggest point is that Google is a huge danger. It's that webmasters who don't know what data are available on their sites are at fault for thinking "security" means locking the door and leaving all the windows open with a good solid ladder on the ground underneath.

Then he falls in the LulzSec trap of using silly boat-metaphor puns to make your point – an error that's regrettable, though unavoidable, and for which he makes up by using the word "poop" in an otherwise perfectly serious and informative post.

Nice touch, Kev.

" Bottom line: If you don't want pirates on your poopdeck, remember the golden rule. If it's ON your website, it's there for the pickings. Do NOT toss your company's wallet on the sidewalk and expect it to be there intact the following morning."

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness