- The hacker's best friend

Those keeping up with the news will have seen the sudden interest in searching for web-enabled cameras on Google - all good fun but it does have a serious side: Today I've been able to "shoulder surf" someone using a PC in a hotel lobby and seen the screen of a shop till (although the resolution is nowhere near good enough to read the credit card details yet); there are also cameras watching doors to secure rooms so how long before you see someone punch in the door code?

Although the ability to connect to web-enabled cameras has been around for years, the advanced search technology at Google allows you to search not only on page text but also part of a URL as well as page title - if you know the specific directory and file name for a web-enabled device you can search and then connect to it. For example, to find Axis CCTV cameras the search string would include the partial URL "view/index.shtml". As well as cameras you can connect to printers, video conferencing equipment, anything running TCP/IP and with a web interface. Of course this includes security and network appliances as well.

As you can imagine, there are a huge number of things you could search for, for example how about URLs with "secret" directories or directories with incorrect permissions? Such as '/.password', '/cgi-bin', '/tmp'. Not to mention files such as ‘config.cgi’, ecommerce system files and content management systems.

This got us thinking, surely nobody these days would store customer or user details on a web server? Or if they did they might try to be clever by choosing an obscure directory name. They wouldn't use an HTML page, but they might use an Access database. And spreadsheets are great for keeping financial information so why not put that on the web site?

Search in Google for partial URLs containing words such as 'password', 'users', 'contacts', 'userlist', 'shop', 'payments' together with suffixes such as '.mdb', '.xls', '.txt' and we guarantee you'll get some interesting results.

So when undertaking any security test involving a publicly accessible web server you can now search for vulnerabilities on Google and also check whether their security cameras are open to prying eyes.

For more on information security see Insight Consulting.

 

Written 13/01/2005. Copyright northfell.com 2005