A reader asked me months ago to talk about the threat of ´Google Hacking´ to an organization, and asked if I used ´Google Hacking´ in any of my risk assessments. In short: hell yes. If you´re not attempting to do any type of reconnaissance with Google on your organization or clients, you´re setting yourself up for a very unwelcome surprise down the road.
What is ´Google Hacking´? In short, it is using the Google search engine (http://www.google.com) like any other tool in your toolkit (nmap, nessus, etc.) to look for vulnerabilities in systems. Google is used for nearly 50% of all web searches on the internet. Sip some coffee and let that statistic sink in for a moment.
I´m going to give you three very important examples of how you can use Google in risk assessment activities. There are too many ways to list them all here, so I would encourage you to pick up a book or two on the subject.Read Full Story