The downside of open source is its very openness. Hackers are using Open Source Intelligence (OSINT) to find personal information, and even usernames and passwords, to plan their exploits.
According to Stach & Liu, a penetration testing firm, organisations like Anonymous and LulzSec have been using Google Code Search - a public beta in which Google let users search for open source code on the Internet. In Code Search, they can unearth information to assist them in their exploits: for instance, passwords for cloud services that have been embedded in code, configuration data for virtual private networks, or simply vulnerabilities that lay the system open to other hacking ploys, such as SQL injection.
Google Hacking
The Google service is due to be switched off next year as part of the company's rationalisation of its research efforts with the closure of Google Labs, but that does not mean that exposed code on the Internet will be safer. Several other sites provide similar services.
Google's BigTable is the repository of most things the company gleans from its searches, and searching it for nefarious purposes is known as Google Hacking.
A-Team, a white-hat hacking group which appears to have the sole purpose of exposing Anonymous and its various subgroups, wrote a highly critical, sneering condemnation of Google Hacking.
"LulzSec and Anonymous [are] believed to use Google Hacking as a primary means of identifying vulnerable targets," the group blogged in June this year. "Their releases [revelations] have nothing to do with their goals or their lulz [fun]. It's purely based on whatever they find with their 'google hacking' queries and then release it."
Mark Stockley, an independent Web consultant, wrote on the Naked Security blog, "While the findings provide a much-needed wake-up call to online businesses, admins and developers, they also offer a fascinating insight into the motivation of hacking collectives such as Anonymous and LulzSec...
"Rather than being motivated by politics or injustice, hacking groups may simply be targeting organisations because Google Code search has turned up a vulnerability too tempting to ignore, making them less political action groups, more malicious 21st century Wombles," he said.
The best protection is to ensure that nothing useful to a hacker is included in code. If that is unavoidable, the information should be stored separately and encrypted.
Colin Tankard, managing director of encryption and security specialist Digital Pathways, advised, "Obviously if the data is encrypted it protects that data wherever it goes as long as the key is never stored with the data. This adds extra control of who or what application is allowed access to the data. By applying encryption with access control organisations can define who or what is allowed access to data."
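As an added illustration of the advice above (not from the original article or from any tool it mentions), here is a minimal check that flags credentials embedded in source text before the code is published. The rule set, function names and sample input are assumptions constructed for this example, and the rules are illustrative rather than exhaustive.

```python
import re

# Illustrative rules only; rule names are this example's own.
RULES = [
    ("hardcoded-credential", re.compile(
        r"""(passw(?:or)?d|passwd|secret|api_?key|token|psk)\w*\s*[:=]\s*["']([^"']{6,})["']""",
        re.I)),
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]
# Values that are obviously templates and not real secrets.
PLACEHOLDERS = re.compile(r"^(changeme|example|placeholder|x+|\*+|<.*>|\$\{.*\})$", re.I)

def redact(value):
    """Keep two characters so a report never re-leaks the secret it found."""
    return value[:2] + "*" * (len(value) - 2)

def scan_text(name, text):
    """Return (file, line number, rule, redacted value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            # Last capture group holds the secret; fall back to the whole match.
            value = m.group(m.lastindex) if m.lastindex else m.group(0)
            if PLACEHOLDERS.match(value):
                continue
            findings.append((name, lineno, rule, redact(value)))
    return findings

# Constructed sample file; none of these values are real credentials.
SAMPLE = '''\
import os
DB_PASSWORD = "s3cr3t-Pa55"
vpn_psk = 'changeme'
API_KEY = os.environ["API_KEY"]
aws_id = "AKIAABCDEFGHIJKLMNOP"
'''

if __name__ == "__main__":
    for finding in scan_text("app.py", SAMPLE):
        print("%s:%d: %s (%s)" % finding)
```

The line that reads its key from the environment at runtime is not flagged, which is the "stored separately" pattern the advice describes.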
Source: eWeek