Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Creighton Linza for IT IS 3200. Introduction  Search Engine  an information retrieval system that searches its database for matches based on a query.

Published byMadeleine Casey Modified over 8 years ago

Similar presentations

Presentation on theme: "By Creighton Linza for IT IS 3200. Introduction  Search Engine  an information retrieval system that searches its database for matches based on a query."— Presentation transcript:

1 By Creighton Linza for IT IS 3200

2 Introduction  Search Engine  an information retrieval system that searches its database for matches based on a query  Web Crawler  a program or script that automatically browses the web

3 Introduction  Search Engine Attacks  Passive  Stealth  Have the ability to use the ‘huge memory’ of the internet

4 Main Issues  Exploits in software used to secure databases  ‘Simple’ Identity theft  Little information required to get the attacker going  Financial threats

5 Who benefits from this research?  The Good  Security personnel  Individual Users  The Bad  Hackers  Solicitors

6 Who has worked with this research?  Founders of Search Engine Attacks  Oliver Peek  Kristjan Lepik  What they did  Found press releases in advance  Overall made 7.8 million dollars

7

8 General Attacks  Search for Passwords  “index of” htpasswd / passwd  filetype:xls + Search Terms  “WS_FTP.LOG”  Web help forums

9 General Attacks (cont’d)  Google cache  Bad for those who thought their problem was fixed  Google Code Search  Exploitable code  Common files and directories  “index of” “listener.ora”

10 Database Attacks  Potentially vulnerable web applications searched for via a search engine  Allow for advanced, specific, target-oriented searching  Use exploits to attack holes  ‘Protected’ databases found completely exposed by web crawlers

11 Oracle Attacks Example  Oracle servers/database attack on iSQLPlus  Java servlet that listens on port 7777 or 5560  If either port is exposed to the internet  Web server and applications can be inventoried by a web crawler  A route to access an internal database is created  From here, user accounts can be easily stolen  Do-it-yourself  allinurl: “/isqlplus”

12

13 What can be improved  Latest updates and patches  Disable directory browsing  No sensitive information online  Unless using proper authentication  Analyze server’s log for web crawler’s access  Ask the search engine provider to remove any necessary content

14 Conclusion  Web Crawler program/script overhaul  Google Webmaster Tools  More security  Workload  WYSIWYG (me)

Download ppt "By Creighton Linza for IT IS 3200. Introduction  Search Engine  an information retrieval system that searches its database for matches based on a query."

Similar presentations

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Mello-Dee Simmons Liza Klosterman.  Who We Are ‣Largest community-owned utility in Florida and the eighth largest in the United States. ‣Electric system.

Mello-Dee Simmons Liza Klosterman.  Who We Are ‣Largest community-owned utility in Florida and the eighth largest in the United States. ‣Electric system.
Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Attacks to Databases October 2014.

Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Attacks to Databases October 2014.
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.

Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.
Introduction The Basic Google Hacking Techniques How to Protect your Websites.

Introduction The Basic Google Hacking Techniques How to Protect your Websites.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Introduction Web Development II 5 th February. Introduction to Web Development Search engines Discussion boards, bulletin boards, other online collaboration.

Introduction Web Development II 5 th February. Introduction to Web Development Search engines Discussion boards, bulletin boards, other online collaboration.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
WEB HOSTING & UPLOADING SITI ZULAIHA BINTI MOHD RAIS PGC070003.

WEB HOSTING & UPLOADING SITI ZULAIHA BINTI MOHD RAIS PGC
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.

By Jeerarat Boonyanit. As you can see I have chosen Cpanel for my server management tool. cPanel is a Linux based web hosting control panel that provides.
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.

Similar presentations

Ads by Google