My wife says I’m great at searching the Web. I can find anything, she says. Well, I’m not sure I agree, but I have found a lot of fun stuff on the web by learning about searching, especially Google tools. My friend and the co-author of this blog, Bob Cromwell, has turned me on to some of those techniques.
Recently Ars Technica reported on a US Government warning about information available through Google searches. The techniques are well documented at google.com and other sites; all one has to do is know what to look for. Here are a few of the “sophisticated” tools one can use on Google:
So, how might someone use these to find something interesting? Well, the Watchthiscam.com blog shows how to find webcams this way.
Bob’s site has some good examples.
It is also fun to see what people have as spreadsheets. Try searching for
But be wary of clicking on any files that might have executable code! You could also get creative and look for “SSN”, often used for “Social Security Number”, and so forth. The sheer universe of opportunities, and the lack of security at many sites combined with the (hopefully unintentional) sharing of files that should be kept confidential, is probably what led the FBI and DHS to warn about the dangers of these searches.
These searches are sometimes called “dorks”. Here is a site with lots of them: http://www.exploit-db.com/google-dorks/
The point is that there is a lot of stuff shared on the web that shouldn’t be. You might try googling for stuff you think you’re not sharing. You should also try these dork searches on your organization’s sites. Hopefully you won’t find anything, of course…
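A local complement to searching your own sites, added here as an example and not taken from the original post: a Python script that walks a web server's document root and flags spreadsheet-style files and text files containing an “SSN” label or an SSN-like value. The extension lists, the pattern, the function names and the sample files are all assumptions constructed for this illustration.

```python
import os
import re
import tempfile

# Assumed for this example: document types that tend to end up in search indexes.
RISKY_EXT = {".xls", ".xlsx", ".csv", ".doc", ".docx", ".pdf", ".sql", ".bak"}
TEXT_EXT = {".csv", ".sql", ".txt"}  # types we can safely read as text
# An SSN-like value (ddd-dd-dddd) or the literal column label "SSN".
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b|\bSSN\b", re.IGNORECASE)

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXT:
                findings.append((rel, "document type served from web root"))
            if ext in TEXT_EXT:
                with open(path, "r", errors="ignore") as fh:
                    if any(SSN_RE.search(line) for line in fh):
                        findings.append((rel, "SSN label or SSN-like value"))
    return sorted(findings)

def build_sample_webroot(root):
    """Write constructed sample files (not real data) under root."""
    samples = {
        "index.html": "<html><body>Welcome</body></html>",
        "hr/staff.csv": "name,SSN\nJane Example,000-12-3456\n",
        "reports/budget.xls": "binary placeholder",
        "notes.txt": "lunch menu for Friday\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Run the audit over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

To check a real site, call audit_webroot() with the path of the directory your web server publishes.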
It is beyond question that there is a lot of information out there that shouldn’t be. Confidentiality is an important pillar of security, but people have to know that by default some things are made public. Unless someone tells them to check, they are unlikely to do so. Participants in Learning Tree Course 468, System and Network Security Introduction, know this, and I suggest you take the course to learn more about information leakage and confidentiality.
What interesting stuff have you found on the web?
To your safe computing,