
Well, the cDc (Cult of the Dead Cow) has resurfaced. Not that they ever went anywhere; it has just been a while, in terms of the mainstream media, since Tod, Laird and company have been in the news. They first gained notoriety with the release of the backdoor application “Back Orifice”. Just this past week they released “Goolag”, a tool to make Google hacking even easier than it already was.

From GCN:

Goolag Scan runs with Windows, has a good graphical interface along with a library of about 1,500 carefully crafted searches that can reveal sensitive information about or from queried Web sites. The tool is neutral; it can be used for penetration-testing by administrators and application owners to identify weaknesses or by hackers to find vulnerabilities to exploit.

“Tools like this scanner are a wake-up call for application owners,” Shulman said. “And that is a good thing. The issue of data leakage into search engines is a big issue.”

The Cult of the Dead Cow has said much of its research in this area has been against government servers where it has been able to turn up sensitive information that has been unwittingly exposed.

“With a lot of script kiddies having this tool, I think the government can expect a rough period of headlines,” Shulman said.

From the cDc press release:

“It’s no big secret that the Web is the platform,” said cDc spokesmodel Oxblood Ruffin. “And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for web site owners to patch up their online properties. We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large web site, I’d be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious.”

Article Link
cDc Press Release
