Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
Back on topic the article title was:
Want to get hacking? All you need to use is Google
In my best paraphrasing, hackers get all the information they need to hack from Google, they don’t actually have to visit the intended site before they start to hack. Before Google hackers had to visit the site to find vulnerabilities but now they can find them with Google. Using the cached version of the page they can get the information they need without alerting the website owners. Some geezer called Danny Sullivan tells it more like what it is, that Google can aid the hacker as well as the user.
This has also been reported in the New Scientist [newscientist.com]
So two very public articles on the street, sort of mis-informing the world and Joe Public. This sort of information can only aid backlash articles and comments we are seeing more of.
I know many people on the street who will misinterpret this so when someone says "why not use Google?" I expect to hear, "No! they aid hackers, I read it in the paper". Before long the brand will be tarnished further.
Could Google alleviate this by removing the caching feature? Not sure, but they need to do something.
Not sure, but they need to do something.
I don't think they do. Hackers have used search engines for ages to search for websites that are vounerable because they haven't been patched properly or whatever.
It isn't the search engines' fault that people don't know how to secure their servers and sites... People just need to start investing more in security.
Other SE's than Google? Where? Surely not. ;)
Google are unlikely to worry about this - hackers can use other search engines as well to find this info (or their address bar). It isn't as if Google created a hacker toolbar or something.
WRT Metro, they have coverage to the public and that counts. If it appeared in the FT in some oscure section I cant see it causing any great "panic" but Metro is all over the gaff with a big reading public.
I found this on my travels, can put a date on it but
Metro (London) remains the largest free regional morning with a distribution of 375,328
More than enough web using public will get that, and that is London only, I got this in town near Birmingham.
To me spam is and always will be UCE but google decided to to call hidden text and anything which is dark seo as Spam.
Search google for spam it does mention hidden text in fact the serps return mainly site about UCE. So when webmaster world members post about spam joe public think we are talking about UCE and not hidden text, it puts WebmasterWorld in a bad light just the same has headlines like "google aids hackers"
Joe public starts saying things like I read if you use google people can hacker you site or computer.
I still can't see how it is "aiding hacking", if you are into security by obscurity there may be a little chance under some rather unlikely circumstances(*) someone who wanted to hack your site, might have a slight advantage. Although removing the cache feature would not stop anyone. The german article also said:
Die dort abgebildeten Seiten sind weitgehend funktionsfähig, das Vorhandensein vieler Sicherheitslücken lässt sich schon anhand des Caches überprüfen. Das gibt dem Cracker eine Gelegenheit zur "Generalprobe": Der am Ende erfolgende Angriff ist dann zielgerichteter und schwerer zu bemerken, als wenn ihm eine Phase des "Stocherns" vorausgeht.which roughly translates to
The [cached pages] are mostly functional, the existence of many security holes can be confirmed via the cache. This lets the cracker rehearse the attack: The finally successful and real attack will be more "on target" and harder to notice, because no poking around on the real site will be necessary.
RE: unlikely curcomstances(*):
The only scenario where the cache would be useful that I can think of is this:
1) the site is using a widely known application on the webserver AND
2) an exploit has been published AND
3) instead of fixing the hole, you try to "cover it up" by making it look like your site is safe, e.g. by changing version numbers, de-linking those pages etc. AND
4) The attackers are checking google in the few weeks between you making the changes, and google updating the cache.
[Without 3+4 any and every searchengine w/o cache will achive the same]
It's just ridiculous trying to make an actual story out of this.
We know that, but your average web surfing geezer (i'll get to that :)) will just assume the worst. If you read something whether it is true technially or not, in a well distributed newspaper a lot of people will believe it. That is the point I am trying to make, that public perception can make big difference whether it is true or not.
a slang phrase for a bloke :), as in he's a bit of a geezer, lad, jack about town etc. You can also be an "old geezer" but that is a little different. You gotta loove the English language and all our slang :)
If you are having problems with the words some of us British chaps use :)
www.peevish.co.uk/slang/g.htm (the second definition is where is was)
This is a mountain out of a molehill - Anyone readin that article - if anyone did, bar interested webmasters/SEO's - will have already forgotten about it... fish & chips wrapping paper 'n' all that.
If you dont wish to belive that untruths can and do have impact take a look at this:
This is the most unpolitical one I can think of or is not close to monster can of worms in subject matter. It was a blatant lie but somehow got onto TV. Factor into a story about being hacked and you can see how far something "could" go.
in all likelihood there will be lots of websites that haven't applied the fix and the hacker can hack to his hearts content.
This is what I said in my post - but I also mentioned that it isn't the search engines that are responsible for updating the CMS systems of the websites that they index.
Even IF the Google cache didn't show anything in the server logs, when a cracker (hacker is the wrong word IMO but I know it is not for some) viewed a page on the site how does that alert an admin to him being a cracker anyway?
'Look Janice someone from xxx.xxx.xxx.xxx viewed our homepage today, we'd better be careful it looks like a cracker to me....' hmmmm...
These are public pages which anybody could be viewing all the time anyway.
Complete rubbish unless I'm missing something.
Frankly, I don't think this is even a storm in a teacup. More like the flap of a butterfly's wings in a concert hall.
Please, no chaos-theory-nonsense in reply.
And now, returning to the topic, it has been said too many times:
A hacker or cracker that wants to enter some site can use the google cache, of course. But what use is this? If she/he does not use the cache, the hacker or cracker will do the same "noise" that a random surfer or an interested visitor. Even, going further, the cache is not allways up to date. A cracker could find holes inthe cache that are not longer in the "true" site and, when trying to enter thru them, get caught. So, if a site is well maintained and frequently checked, then google cache can even be a trap for crackers and undesidered visitors.
Google aids organized crime! It finds restaurants and bars within the gang's area, so they can be visited with threats and extortion...
Google aids terrorists! It provides maps to vulnerable targets, and schedules for hijackable airline flights.
Google aids telemarketers! It provides access to phone numbers.
Google aids Republicans! It provides access to companies who are potential donors.
This is stupider than stupid -- this is ... JOURNALISM. <rant>Reporters who probably have trouble finding the ANY key, who flunked out of 5th grade arithmetic and never even HEARD of formal logic, trying to explain technical details with no tools except a glib command of grade-school grammar and the unshakeable confidence that can only come through total, intractable ignorance of the entire scientific and technical history of the last 6 millenia.