Educause Security Discussion mailing list archives
Re: Google Hacking
From: Jason Todd <jtodd () WESTERNU EDU>
Date: Wed, 19 Nov 2014 21:49:46 +0000
We've had Pastebin alerting for a while with great success. One thing to keep in mind is sometimes the pastes are removed so you need to respond quickly to the notifications.

Jason

Jason Todd
Network Security Officer
Western University of Health Sciences

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of David James Anderson <David.Anderson () NAU EDU>
Sent: Wednesday, November 19, 2014 13:30
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

+1 on Pastebin alerts, they've helped us immensely.

--
-David.

David Anderson
Information Security Analyst, Senior
Information Technology Services
Northern Arizona University
(928) 523-1225

On Nov 19, 2014, at 2:20 PM, Greene, Allen <Allen.Greene () ROCHESTER EDU> wrote:

Great tip, wasn't aware that Pastebin had similar alerts. Thanks!

Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office: (585) 275-7335 | Allen.Greene () Rochester edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, November 19, 2014 4:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Google Hacking

One caveat is that as Google has gotten more into advanced and customized search algorithms, the results may no longer be comprehensive. In particular, if you set up a Google alert under a Google account, it runs the search under the tailored context of that account and I (and others) have seen many misses of Google indexed content because the tailoring ignores those items. If you want to do Google hacking, make sure it uses a context with no Google account or Google cookies. Or, try to keep a clean Google account that is only ever used for the Google alerts (it can be tricky to totally avoid Google's user metadata vacuum).

I highly recommend setting up Pastebin alerts as well if you haven't looked into it. It can give you quick notification of a dump of credentials that includes individuals from your school.

One Google hack to consider is a search like:

    Site:school.edu Filetype:xls SSN

(or other words like "social security" "student ID", etc.)

Brad Judy
Director of UIS Security
University Information Systems
University of Colorado
1800 Grant Street, Suite 300
Denver, CO 80203
Office: (303) 860-4293
Fax: (303) 860-4302
www.cu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, Allen
Sent: Wednesday, November 19, 2014 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Google Hacking

Greetings All,

We're looking at expanding our information disclosure program into Google Hacking. I'm wondering if someone else out there is currently utilizing this method or developed a program around unauthorized information disclosure? I've done a good deal of research on this already, I'm curious how other institutions may have already implemented this and any feedback on their experience.

Thanks & Happy Holidays!

Allen

Allen Greene | Security Analyst Senior
University of Rochester | University IT Security and Policy
Office: (585) 275-7335 | Allen.Greene () Rochester edu
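
Added example, not written by any poster in this thread: a sketch of the first response to a paste alert, given that pastes can be removed quickly. It fingerprints the captured text and lists the institutional accounts that appear with a secret, without keeping the secrets. The function name `triage_paste`, the one-pair-per-line dump layout and the sample paste are assumptions; `school.edu` is the placeholder domain used in the thread.

```python
import hashlib
import re

# Assumed dump layout: one "address<sep>secret" pair per line,
# with the separator being one of : ; | , or a tab.
CRED_LINE = re.compile(r"^\s*([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+)\s*[:;|,\t]\s*(\S+)")

def triage_paste(text, domain):
    """Summarise a captured paste for incident response.

    Returns the SHA-256 of the capture (so the evidence can still be
    identified after the paste is taken down), the institutional accounts
    that appear with a secret, and the count of credential lines for
    other domains. Secrets are never stored in the result.
    """
    domain = domain.lower()
    affected, other = set(), 0
    for line in text.splitlines():
        m = CRED_LINE.match(line)
        if not m:
            continue
        user, host = m.group(1).lower(), m.group(2).lower().rstrip(".")
        # Match the domain and its subdomains, but not look-alikes
        # such as "notschool.edu".
        if host == domain or host.endswith("." + domain):
            affected.add(f"{user}@{host}")
        else:
            other += 1
    return {
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "affected": sorted(affected),
        "other_domain_lines": other,
    }

# Constructed sample paste (not real data).
SAMPLE = """\
leaked list
jdoe@school.edu:Winter2014!
JDoe@School.EDU:Winter2014!
asmith@students.school.edu | hunter2
bob@notschool.edu:letmein
carol@example.com;qwerty
contact admin@school.edu for removal
"""

if __name__ == "__main__":
    report = triage_paste(SAMPLE, "school.edu")
    print(report["sha256"])
    for account in report["affected"]:
        print("reset and notify:", account)
```
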