Recognising that Google's search engine can become a repository for far too much information, McAfee this week released an updated version of its Foundstone SiteDigger security tool that helps businesses identify damaging information that may be exposed on the web.
The Foundstone SiteDigger 2.0 tool uses search information gathered by Google to quickly pinpoint potentially damaging confidential data, such as financial records, passwords and personal information on an organisation's website.
Mark Curphey, director of consulting for Foundstone professional services at McAfee, says sophisticated search engine technology and methods for discovering information are proliferating at a rapid rate. "Search engines have become so powerful, it's just a matter of hackers asking for the right thing," Curphey says.
Hackers can take advantage of search technology to get access to critical files through access to password form fields, URLs for network administration interfaces, application server interfaces or database queries.
The freely downloadable SiteDigger 2.0 can find 800 information types, up from 150 types in the previous version released in August 2004. The tool uses Google's web services API to create queries to connect to Google's database of pre-indexed information and search for damaging data.
Curphey cites as examples a law firm exposing settlements from divorce cases, or a power utility company exposing PINs for the door entry systems of microwave towers in a presentation.
Laura Koetzle, research director of computing systems for Forrester Research, says customers also need to determine whether data inadvertently exposed in search engines could embarrass the company or even amount to a violation of privacy regulations such as required protection of records.
"You want to be sure you haven't unwittingly exposed information," Koetzle says.