Characterizing Google Hacking: A First Large-Scale Quantitative Study

Authors

  • Jialong Zhang
  • Jayant Notani
  • Guofei Gu
Abstract

Google Hacking continues to be abused by attackers to find vulnerable websites on the current Internet. By searching for specific vulnerability-related terms in search engines, attackers can easily and automatically find a lot of vulnerable websites on a large scale. However, less work has been done to study the characteristics of vulnerabilities targeted by Google Hacking (e.g., what kind of vulnerabilities are typically targeted by Google Hacking? What kind of vulnerabilities usually have a large victim population? What is the impact of Google Hacking and how easy is it to defend against Google Hacking?). In this paper, we conduct the first quantitative characterization study of Google Hacking. Starting from 997 Google Dorks used in Google Hacking, we collect a total of 305,485 potentially vulnerable websites, and 6,301 verified vulnerable websites. From these vulnerabilities and potentially vulnerable websites, we study the characteristics of vulnerabilities targeted by Google Hacking from different perspectives. We find that web-related CVE vulnerabilities may not fully reflect the tastes of Google Hacking. Our results show that only a few specially chosen vulnerabilities are exploited in Google Hacking. Specifically, attackers only target certain categories of vulnerabilities and prefer vulnerabilities with a high severity score but low attack complexity. Old vulnerabilities are also preferred in Google Hacking. To defend against Google Hacking, simply modifying a few keywords in web pages can defeat 65.5% of Google Hacking attacks.


Similar resources

A Survey of Various Security Issues in Online Social Networks

The most emerging communication medium for the last decade of years is Online Social Networks (OSNs). Online Social Network makes the communication quicker and cheaper. Facebook, Twitter, Google Plus, MySpace, Orkut, etc are the various existing online social networks. Among all the online social networks very few could turn the attention of the people towards them. However, all these social ne...


Hacking of Passwords in Windows Environment

Hacking is so simple! Not only do the operating system's loopholes offer opportunities to hackers, but also the applications like Skype and Google Chrome developed for the operating systems are quite attractive to hackers. In this paper I present the various ways in which the passwords like user account's passwords stored by the operating system or the passwords required by different applications...


Characterizing the Flammability of Storage Commodities Using an Experimentally Determined B-number

In warehouse storage applications, it is important to classify the burning behavior of commodities and rank them according to material flammability for early fire detection and suppression operations. In this study, the large-scale effects of warehouse fires are decoupled into separate processes of heat and mass transfer. As a first step, two nondimensional parameters are shown to govern the ph...


Hacking as Transgressive Infrastructuring

This paper applies the theoretical lens of infrastructure to study hacking practices that take issue with large-scale communication networks. The paper analyzes a series of hacks targeting the Global System for Mobile Communications (i.e., networks for mobile telephony) carried out by a cluster of people affiliated or sympathetic to the German Chaos Computer Club between 2001 and 2014. Thes...


Publication date: 2014