Google as… hacker attack prevention?
Feb 24th, 2008 | By Leslie Poston | Category: Open source
A hacker group released a tool called Goolag Scan that uses Google to check web sites for vulnerabilities to attacks from hackers and other malcontents. How does it do that? By scanning your site for passwords, personal information that could be used against you and areas where your server is vulnerable.
The tool was released by CDC (Cult of the Dead Cow), a hacker group that first crossed people’s radars when it created Back Orifice, the software that first demonstrated the vulnerability of Windows-based PCs to hacking. The tool can be used by hackers and regular sysadmins alike, meaning that, like Back Orifice, it is a double-edged sword.
The recommendation by computer admins in the know is that once you use the tool you should make changes to your system immediately to protect yourself from black hat hackers using it against you as well. Goolag Scan presents its results in a handy list format with plenty of clickable links to the sensitive information and lists of vulnerabilities it finds.
Goolag Scan performs over 1500 queries that are fully customizable by the user. It is based on the Windows .NET platform (sorry MacHeads) but it finds information and weak spots in all systems. If you are a Mac user you could have someone else help you by scanning your sites from their system and sending you the report. If you are a Mac user running Windows via Parallels or Boot Camp you can use it yourself.
The basis for Goolag Scan is a concept called “Google hacking”, pioneered by a hacker using the handle “Johnny I Hack Stuff”. The results list includes such category headers as “vulnerable servers,” “sensitive online shopping information” and “files containing juicy information.” According to the CDC, this is the first time a complex hack such as this has been encapsulated into a simple single-use tool.