Googling for Vulnerabilities
Phishers and other attackers can use Google to find sites with known vulnerabilities, so if you thought you could get by without vulnerability scanning, better read on.
Dark Reading is reporting on work done by John LaCour from MarkMonitor, who has compiled lists of search terms indicating particular vulnerabilities in Websites (aka "dorks"):
With the dork inurl:index1.php?go=*.php, for instance, the phisher would enter that string into the search engine. "The search results would return a list of potentially vulnerable sites. The attacker then selects one of the sites and exploits the PHP application by referencing their own remote PHP file for inclusion," LaCour says.
The only way to keep up with the speed at which site vulnerabilities can be discovered with Google is to use vulnerability scanning tools as part of the pre-deployment test process.
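As an added illustration (not from Dark Reading or MarkMonitor), a small pre-deployment check of this kind: it flags PHP include/require statements whose argument comes from request data, the pattern behind the index1.php?go=*.php dork. The function name, the taint heuristic and both PHP samples are constructed for this example.

```python
import re

# PHP superglobals that carry request data an attacker controls.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b(.*)", re.I)
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?!=)(.*)")
VAR = re.compile(r"\$[A-Za-z_]\w*")
SUBSCRIPT = re.compile(r"\[[^\]]*\]")  # array subscripts such as [$go]


def find_tainted_includes(php_source):
    """Return [(line_no, statement)] for include/require fed by request data.
    Single-file heuristic (an assumption of this example): a variable is
    tainted when assigned from a superglobal or another tainted variable; a
    tainted value used only as an array key is treated as an allow-list lookup.
    """
    tainted, findings = set(), []

    def is_tainted(expr):
        return bool(SOURCE.search(expr)) or any(
            v in tainted for v in VAR.findall(SUBSCRIPT.sub("", expr)))

    for line_no, line in enumerate(php_source.splitlines(), 1):
        for stmt in line.split(";"):
            stmt = stmt.strip()
            inc = INCLUDE.search(stmt)
            if inc and is_tainted(inc.group(1)):
                findings.append((line_no, stmt))
            assign = ASSIGN.match(stmt)
            if not assign:
                continue
            name, expr = assign.groups()
            if is_tainted(expr):
                tainted.add(name)
            else:
                tainted.discard(name)  # reassigned from a clean value
    return findings

# Constructed sample: the 'go' parameter flows straight into include().
VULNERABLE = """<?php
$go = $_GET['go'];
include($go);
"""

# Constructed sample: 'go' only selects an entry from a fixed allow-list.
HARDENED = """<?php
$pages = array('home' => 'home.php', 'news' => 'news.php');
$go = isset($_GET['go']) ? $_GET['go'] : 'home';
$file = isset($pages[$go]) ? $pages[$go] : $pages['home'];
include($file);
"""
```

Run over the constructed samples, find_tainted_includes(VULNERABLE) reports line 3 and find_tainted_includes(HARDENED) reports nothing.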



