not very secure

ajs1976ajs1976 Member Posts: 1,945 ■■■■□□□□□□
I was using Google to research an HP printer error. Clicked on a link and found myself in someone elses webadmin. icon_rolleyes.gif
Andy

2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete

Comments

  • tierstentiersten Member Posts: 4,505
    Yup. If you know the specific words to search for then you can find quite a lot of embedded systems out there that shouldn't be on the internet. Change the display on the HP to something else icon_wink.gif

    I can't remember the exact search phrase but you can find hundreds of unprotected Axis IP cameras out there.
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yea, it's called google hacking. This type of stuff will blow you mind: http://johnny.ihackstuff.com/ghdb.php

    It's amazing how all of that stuff is just out there in the open.
  • UnixGuyUnixGuy Mod Posts: 4,564 Mod
    just be careful with the so called "google hacking" , so many honey pots out there, you don't wanna piss some people off icon_wink.gif
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Check out my YouTube channel: https://youtu.be/DRJic8vCodE 


  • shednikshednik Member Posts: 2,005
    Nice one andy...google hacking is quite interesting!
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    UnixGuy wrote:
    just be careful with the so called "google hacking" , so many honey pots out there, you don't wanna piss some people off icon_wink.gif

    Of course. I tend to forgo the disclaimers here, due to the abundance of common sense ;)

    You're not going to get in trouble for stumbling upon some login page or something though. Most, if not all of those simply gives you some information you'd need to start an attack. If you decide to take the next step and do something like try to brute-force logins, well, then you're just asking for trouble.

    It's one of those things that's definitely good to be aware of, so you can guard against it yourself. You really don't want to show up in these results.
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    icon_rolleyes.gif

    robots.txt is your friend.
  • KaminskyKaminsky Member Posts: 1,235
    As dynamik says, it's that decision to take the next step...

    The more you know about this whole "net" thing, the scaryier it gets.


    My take on the whole thing from being in it since before html and web browsers were invented (yes I can still close my eyes and see the green screen uni project I was working on back in 1988 on the back of my eyelids .. and whats more annoying is that there is a typo)

    Back then it was all about just getting the technology and the pysical links out there. 20 years ago it was ftp and telnet and usenet... that was it. Everything was text ( BTW that's where smileys were invented for you youthfull people that think theyre a recent invention - also, people used to make up stupid little sound files with the new synthesiser thingies that were in the shops - these were then all grabbed together by some cheeky git (wish I had thought of it) for free and sold as early ringtones for mobile phones....)

    Shared (hubs and bridges) networks around the world back then ... About 200k sites max I think.


    Then came the web and the whole thing exploded and before you knew it your grannie was "surfing" .... I still find this deeply disturbing !

    More companies started getting "On Line" once they realised it wasn't a fad and more companies started linking themselves geographically to the wow and swoon of their superiors.

    Up until recently, it has all been about just getting the technology and infrastructure out there and stable .. ish.... There was little regard to security. If you could connect for more than 3 minutes and it worked... that was a bonus. Once the boss saw it was working, it was sold before the inventors got a chance to even start work on locking it all down... (Bluetooth is a very good example of this)


    Some malicious people strated reading telnet/ftp manuals ... learning icmp and knew IP inside and out and things like that and started to experiment... This is where hackers started.

    (It's not hard ... you can test the easy stages of how they got into this cr*p yourself at work... load up something like Ethereal on the company network and then ping:
    224.0.0.1 All devices on the subnet will respond
    224.0.0.2 All routers on the subnet (if you get a response from this .. your net manager is a ******)
    224.0.0.5 All routers using OSPF (if you get a response from this .. your net manager is a ******)
    224.0.0.12 DHCP Server

    The ping itself will just respond as normal but when you look in ethereal, you can see usefull information and again, start to experiment at work... you won't get in trouble... Ethereal is passive [it doesnt publish it's presence on the subnet] )


    Now those heady days have slowed down and people are still pretty much using that same infrastructure but to a much higher degree (the underlying core technology is still there at the heart of it all) it is the turn of the more youthfull amongs you to start working on tightening the whole thing up and making it all nice and safe for the grannies and their safe surfing ... /shudder.


    The son of a friend of mine is in his final year of a degree in "Computer Forensics" and the things this little guy knows is really scary to us both.... We have no clue how he can do the things he can with the technology we both helped put out there. (personally annoying seeing as when he was not long out of nappies, I was writing a bar code lightpen driver in assembly language)

    He came home one Christmas and told his dad that he was going to phone his friend on his mobile... Being a bit of an over-protective dad, my friend asked if he had anough credit to which he replied, "oh don't worry, I am going to charge it to your phone!" He got upto some jiggery pokery on the Bluetooth and sure enough, my friend paid for the call....... Goddamn!

    Now that all this infrastructure is out there (although now it is working at a bazillion times faster than when we were using it) it is up to the next generation of IT guru's to lock it all down and push it even further.



    This post about what Google can show up just shows how much the technology that has been put out there needs to be learned inside and out and locked down.

    EDIT: Now where did I leave that zimmerframe !
    Kam.
Sign In or Register to comment.