Download Slides - Personal Web Pages

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts

Versant Object Database wikipedia , lookup

Computer security wikipedia , lookup

Clusterpoint wikipedia , lookup

Semantic Web wikipedia , lookup

Transcript 
By Creighton Linza for IT IS 3200
Introduction
 Search Engine
 an information retrieval system that searches its
database for matches based on a query
 Web Crawler
 a program or script that automatically browses
the web
Introduction
 Search Engine Attacks
 Passive
 Stealth
 Have the ability to use the ‘huge memory’ of the
internet
Main Issues
 Exploits in software used to secure databases
 ‘Simple’ Identity theft
 Little information required to get the attacker going
 Financial threats
Who benefits from this research?
 The Good
 Security personnel
 Individual Users
 The Bad
 Hackers
 Solicitors
Who has worked with this research?
 Founders of Search Engine Attacks
 Oliver Peek
 Kristjan Lepik
 What they did
 Found press releases in advance
 Overall made 7.8 million dollars
General Attacks
 Search for Passwords
 “index of” htpasswd / passwd
 filetype:xls + Search Terms
 “WS_FTP.LOG”
 Web help forums
General Attacks (cont’d)
 Google cache
 Bad for those who thought their problem was fixed
 Google Code Search
 Exploitable code
 Common files and directories
 “index of” “listener.ora”
Database Attacks
 Potentially vulnerable web applications
searched for via a search engine
 Allow for advanced, specific, target-oriented searching
 Use exploits to attack holes
 ‘Protected’ databases found completely
exposed by web crawlers
Oracle Attacks Example
 Oracle servers/database attack on iSQLPlus
 Java servlet that listens on port 7777 or 5560
 If either port is exposed to the internet
 Web server and applications can be inventoried by a
web crawler
 A route to access an internal database is created
 From here, user accounts can be easily stolen
 Do-it-yourself
 allinurl: “/isqlplus”
What can be improved
 Latest updates and patches
 Disable directory browsing
 No sensitive information online
 Unless using proper authentication
 Analyze server’s log for web crawler’s access
 Ask the search engine provider to remove any
necessary content
Conclusion
 Web Crawler program/script overhaul
 Google Webmaster Tools
 More security
 Workload
 WYSIWYG (me)
Related documents
No Slide Title
No Slide Title
Intelligent Detection of Malicious Script Code
Intelligent Detection of Malicious Script Code
Honeynet Project
Honeynet Project
Systems Security
Systems Security
Internet terms
Internet terms
שקופית 1
שקופית 1
Research Areas - The George Washington University
Research Areas - The George Washington University
fly-gfc200c-en-r0
fly-gfc200c-en-r0
dos_nanog
dos_nanog
search engine marketing - DIGITAL SERVICES for Businesses
search engine marketing - DIGITAL SERVICES for Businesses
Heart Attack - Coffee Regional Medical Center
Heart Attack - Coffee Regional Medical Center
Chapter 1 Exploring the Network
Chapter 1 Exploring the Network