Tuesday, September 9, 2014

Turns out we're the authors of a manual for malicous hackers

At least according to the Department of Homeland Security...

In a restricted intelligence document distributed to police, public safety, and security organizations in July, the Department of Homeland Security warned of a “malicious activity” that could expose secrets and security vulnerabilities in organizations’ information systems. The name of that activity: “Google dorking.”
“Malicious cyber actors are using advanced search techniques, referred to as ‘Google dorking,’ to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks,” the for-official-use-only Roll Call Release warned. “By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities.”
That’s right, if you’re using advanced operators for search on Google, such as “site:arstechnica.com” or “filetype:xls,” you’re behaving like a “malicious cyber actor.” Some organizations will react to you accessing information they thought was hidden as if you were a cybercriminal, as reporters at Scripps found out last year. Those individuals were accused of “hacking” the website of free cellphone provider TerraCom after discovering sensitive customer data openly accessible from the Internet via a Google search and an “automated “ hacking tool: GNU’s Wget.
But this warning from the DHS and the FBI was mostly intended to give law enforcement and other organizations a sense of urgency to take a hard look at their own websites’ security. Local police departments have increasingly become the target of “hacktivists.” Recent examples include attacks on the Albuquerque Police Department’s network in March following the shooting of a homeless man and attacks on St. Louis County police networks in response to the recent events in Ferguson, Missouri.
Read the full article @ arstechnica.

Wednesday, September 3, 2014

Monday, September 1, 2014

If You Use an Old Browser, Google Searches For You Like It's 2011

Over the weekend, a user called DJSigma posted on Google's official user forums:
A few minutes ago, Google's homepage reverted to the old version for me. I'm using Opera 12.17. If I search for something, the results are shown with the current Google look, but the homepage itself is the old look with the black bar across the top. It seems to affect only the Google homepage and image search. If I click on "News", for instance, it's fine.
I've tried clearing cookies and deleting the browser cache/persistent storage. I've tried disabling all extensions. I've tried masking the browser as IE and Firefox. It doesn't matter whether I'm signed in or signed out. Nothing works. Please fix this!
In less than 24 hours, a Google employee called "nealem" had replied:
Hi everyone,
I want to assure you that this isn't a bug. It's working as intended.
We're continually making improvements to Search, so we can only provide limited support for some outdated browsers. We encourage everyone to make the free upgrade to modern browsers — they're more secure and provide a better web experience overall.
Read the full post @ Gizmodo.