As security experts warn that search engines can be used by attackers to search out vulnerable systems, new software shows that search technology can also be used to promote security: McAfee’s SiteDigger 2.0 uses Google to learn where the computer systems of organizations are vulnerable to exposure and attack.
McAfee said the software tool, which uses Google’s search index alongside technology from its Foundstone acquisition of last October, will pinpoint information vulnerabilities caused by human error that expose private data such as passwords and financial records.
In order to thwart attackers, McAfee says, you have to think like them. “It’s kind of emulating what the hacker does,” said Todd McBride, marketing director at McAfee’s Foundstone Services.
Googling for Gaps
Foundstone says the new SiteDigger 2.0 will help companies identify information that has been made available on the Internet through data exposure mistakes such as misconfigured systems, error messages or remote administration.
McAfee service consultant and SiteDigger developer Kartik Trivedi told TechNewsWorld that the software guards against threats such as the Santy worm, which last month used Google to search out and infect more vulnerable systems.
Trivedi said SiteDigger will likely include Yahoo’s search index in its next version, which is due in about six months.
He added that attackers are also automating their attacks through search engines. “Not only are we seeing people use Google to find [victims], they’re also using it for more automated attacks,” Trivedi said.
Trivedi pointed to Santy and other recent incidents in which search engines were used maliciously, including a recent link that used Google to find Web cams that were open to attack.
Rather than large, relatively broad attacks on sites — known as “macro attacks” — cyber attackers are now increasingly using “Google hacking” to hunt for weaknesses and target their attacks, Trivedi said.
“Now, with sophisticated application environments like Net and Java, people are doing more information-gathering attacks using Google,” Kartik said.
Tool for Good and Bad
While search engines such as Google and Yahoo have generally improved both the Internet experience and the productivity of workers, they have also opened the door for information exposure.
McAfee said SiteDigger 2.0 would help identify weaknesses in seven categories: privacy, backup files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities and technology profile.
“While companies have become increasingly vigilant about guarding their corporate networks from break-ins, they also need to be able to account for potential human errors with information inadvertently made visible on the Internet,” said Mark Curphey, Foundstone’s director of consulting, in a statement.
McBride said the software was aimed at primarily large organizations.
Sunil James, iDefense’s director of vulnerability intelligence, told TechNewsWorld that there is a wide range of information available through search engines, linked or “spidered” sites, and other Internet sources.
“Considering the depth and breadth with which today’s search engines spider sites, any bit of information residing on publicly accessible servers can be discovered by individuals capable of leveraging complex search engine queries,” James said.
While SiteDigger allows system administrators to find exposures, it could also be useful to hackers.
“The fact that such tools ease the process for administrators to discover such information saves tremendous amounts of precious time,” James said. “However, the tool’s availability to malicious individuals means that it’s essentially a race to see who can identify the problems first.”