McAfee automates Google hacking. McAfee has released an update to its tool that uses Google to automatically search for security holes in Web sites.
Published: January 10, 2005, 12:36 PM PST By Robert Lemos Staff Writer, CNET News.com SiteDigger 2.0, delivered on Monday, looks for information about a Web site's security by sending specific queries to Google's Web database. Known as Google hacking, such searches can turn up easily exploitable flaws and sensitive information, including credit card numbers and user account information. The free service should help Webmasters stay informed about what information is out there regarding their sites, said Chris Prosise, vice president of worldwide professional services for security technology company McAfee. "We built this tool really as an awareness tool," Prosise said, adding that SiteDigger highlights problems that Webmasters might otherwise not know about. "As a victim, you would never really know that someone was using this information." SiteDigger does not discern whether the person using it is an authorized administrator of the site or a potential attacker looking for weaknesses. Prosise agreed that this means the tool could be used against a site, but pointed out that Google requires that any user of an automated service sign up with its Web services development program.
The only easy day was yesterday.
...some do, some don't; some will, some won't (WR)