Cult of the Dead Cow responsible

Feb 25, 2008 20:11 GMT

One need not be a genius to scan for vulnerabilities over the Internet and then exploit them for one's own benefit. Not anymore, anyway: the hacking group Cult of the Dead Cow (CDC) launched its automated scanner, dubbed Goolag Scan, late last week. Sensitive information, passwords, server security flaws, you name it, GS finds them, with Google's unwilling help.

As CDC presents it, the software is a wake-up call for sysadmins to patch the holes in their leaky sites before it's too late. "It's no big secret that the Web is the platform, and this platform pretty much sucks from a security perspective," said CDC spokesperson Oxblood Ruffin, in a statement. "We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large website, I'd be downloading this beast and aiming it at my site yesterday."

Not being very modest about its work, the Cult of the Dead Cow team also says this is the first time vulnerability searches have been built into a single tool that anyone can easily operate. The results, according to PC World, are displayed as a list of links that can be opened directly in a browser. The software is a stand-alone Windows .NET application licensed under the open source GNU General Public License.

The "Google Hacking" technique that CDC used, the practice of exposing vulnerabilities via Google, was pioneered by a hacker also known as "Johnny I Hack Stuff." Not a very imaginative name, though better than a variation on his original name; but hack he did, and now Goolag Scan, based on his work, is available for security use.