[LINK] The Register - Google as an attack engine
Fri, 30 Nov 2001 09:23:11 +1000
The Google attack engine
By Thomas C Greene in Washington
Posted: 28/11/2001 at 12:25 GMT
Some clever empiricist appears to have been abusing Google to attack Web
servers, switches and routers in a novel way, by crafting search terms to
include known exploits. Such a search will occasionally yield active Web
pages used by administrators. On top of that, a number of them have already
been cached. It's reasonable to surmise that a hacker has been using Google
not merely to search for vulnerabilities, but as a proxy to hide behind
while executing attacks.
This is only moderately novel. Back when SATAN was young, Richard Farmer
(the author) mentioned in a security paper that a great many systems
administrators were careless with login information, and that somebody
patiently using a search engine could find login lists that had been
accidentally left where the search engines would index them.
Here, we have a similar occurrence. This time, the systems admins will have
forgotten that the ubiquitous embedded "simple to administer" Web servers
are just that - Web servers. And that unless you administer them, they'll
respond quite happily to things like search engine robots.
For activities like router administration, I will quite happily throw my lot
in with the CLI advocates: if you enable a router to be administerd by
dummies, then it will be administered by dummies!