Day: October 10, 2017

Google dorks, many have heard of them but few know what they are. Do Google dorks hurt my website? That depends on your website, but let’s first breakdown what they are.

 

Google dorks is simply a way to refer to a refined Google search using special built-in Google features like inurl:crazy or intext:crazy or “crazy” – insane. We will now break down each one and what it does. If you did a search inurl:crazy it will return results for all urls with crazy in them and if you do a search for intext:crazy, it will return all meta descriptions and other text it detects and displays with crazy in it. The third example is the best one, because that will only show you results for the word crazy, but not if the word insane is in  the title or description.

 

How can Google dorks  hurt my website or get it hacked?

Certain files are easy to find using Google dorks, we’ve been able to view web hosts databases, electric grids, things you wouldn’t imagine are connected to the internet. We aren’t going into what Shodan is today, but let’s just say this is  nothing compared to what you can find using Shodan.

We viewed one of John McAfee’s companies using google dorks and discovering a vulnerability that impacted their security. We reported it to Mcafee and the developers of the product and it was fixed. We do find it humorous that John says he loves hackers to hack him, because he gets attacked first with the newest attacks, when this issue has been known since the early 2000’s. In McAfee’s  defense his company didn’t write the code for this software, they simply were using it without a security audit of the code.

With Google dorks, you never access the website, that is if you are smart. Instead, you go to Google cache and anything that happens is indexed by Google and on Google’s domain, so you are viewing a copy of a website that Google hosts. If you go beyond viewing, then you may be in trouble.

Google dorks are powerful and can find all sorts of things that shouldn’t be openly accessible to the web, but for some reason are.

So, are you vulnerable to Google dorks? Hire us and you will find out so much more, like if you are vulnerable to SQL injections, XSS, CSRF, etc.

 

Cabrillo college students have been hacked, which is unfortunate since 28  thousand students  personal details are stolen along with their passwords, names, dates of birth, addresses and emails along with 12 thousand of the students social security numbers expected to have also been stolen.

 

The amount of data stolen in the criminal Cabrillo college hack is far worse than one may think. This affects students all the way back to 2009 and the way students used to be identified was by their SSN, until a few years ago they switched to user ids. This means that 12 thousand alma mater students of Cabrillo college are exposed to identity theft. One now has the social security number of a person, the day of their birth and their addresses along with name. This is all it takes to setup virtually any account online. It is highly advisable that all students get a credit freeze to avoid their identity being stolen. The school has not announced if it is providing identity protection or if it has followed the law and informed all the students about the data breach. They have had more than a month to do so, since the data breach was detected September 5th.

 

source: http://www.santacruzsentinel.com/social-affairs/20171009/cabrillo-college-hack-exposed-40000-students-data