Google can't keep secrets
Not afraid of Google? You should be.
We all know that Google is an efficient search engine. However, sometimes it's too efficient. If a site hasn't been carefully managed (and coded), a lot of sensitive information can unwittingly end up in Google's index.
"Google hacking" -- using Google searches as a hacking tool -- is a growing trend, and there is a huge amount of information available on how to use Google to search for sensitive information such as passwords, internal documents, database access, and more, says website monitoring company Pingdom.
Here are Pingdom's 6 tips for preventing Google hacks on your site.
• Keep sensitive information off the Internet -- on storage that isn't even connected to the Internet. Obvious, yes. Easy, no. But do it anyway.
• Be careful how you write your scripts and access your databases. There are numerous examples where a database access error text shows up on a website and contains way too much information. If you are unlucky and have Google crawl your site at that time, the information is public (and cached by Google).
• Use robots.txt to let Google know what parts of your website it is ok to index. However, note that even this information can be used by hackers. If you specify which parts of the website are "off limits," the curious hacker will look there to see what is so sensitive.
• Make sure that the directory rights on your web server are in order. That is, only allow public access to the bare minimum of directories that are necessary for your site to function.
• Monitor your site for common errors. You can set up monitoring that checks for text that shouldn't exist on the page (part of a php script error message, for example). Then you will know right away if and when your site has "messed up," and can take the necessary precautions (changing passwords or whatever else may be suitable).
• "Google hack" your own website. Try out the various searches listed in the Google Hacking Database on your own site.
...continue reading "Don't let Google find your secrets"
ITworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
