Search Engine based Data Leakage

Transcription

1 Search Engine based Data Leakage Dipl.-Inf. Hans Pongratz Technische Universität München 4th ETSI Security Workshop January 2009 ETSI, Sophia Antipolis, France

2 Threats to Sensitive Data Employee errors (unintentional) Data stolen by business partner or insider Sabotage Outsider threats - malware, spyware or hackers Sensitive data (e.g.): employee personal data, costumer data, internal documents, R&D, accounting, 2

3 Data Leakage Issues Through Search Engines Axel Springer (Sep 2008) personal data including bank account details of classified ad customers were indexed by search engines. Universität Magdeburg (May 2008) database with personal data of students was indexed by google for 10 days. Astroglid (Apr 2007) list of over customers was exposed via web and indexed by google. 3

4 Search Engines Tasks of a search engine generation and maintenance of search index, processing of search queries, presentation of results. Bot / Crawler WWW Search Engine Index generation: manually automatically Request Result(s) 13th January 2009 Hans Pongratz, TUM, pongratz@tum.de 4

5 Which information are indexed? Most search engines mine web pages images files Some search engines even mine databases social networks news open directories 5

6 Google Search Basics 1 Operator Description + Adds words to search query, even those which google normally ignores, like the - Exclude words or arguments from search ETSI Workshop ~car Searchs the exact phrase Looks for car and its synonyms * wildcard, to match one or more words in search or-operator cache: site: cache:url will not display the current version of the page, but Google s cached version. site:url will only search within specific website or domain. 6

7 Google Search Basics 2 Operator intext: intitle: allintitle: inurl: filetype: daterange: numrange: Results will be restricted to those containing query term in the text query term in the title all query terms in the title given word in the URL particular file format, e.g..pdf,.xls or.doc data, which has been created or modified in specified timeslot. numbers in specified range 7

8 Google Hacking Acronym for the use of search engines to find attack vectors, privacy or security issues via search queries. Examples for information that can be searched: server vulnerabilities log files error messages with too much information passwords stores directories 8

9 Example Queries Search Object internal docs price lists confidential pricelists web cams Apache error Search Query "internal use only" site:yoursite.xyz (pricelist "price list") site:yoursite.xyz (confidential "internal use only") ("price list" pricelist) site:yoursite.xyz intitle:"active webcam page" site:yoursite.xyz intitle: apache tomcat" error report" site:yoursite.xyz More Google Hacking clues and queries 9

10 Some examples on relationships between search engines Try more than one search engine! 10

11 Defacement Found on google.de 11

12 Remote Shell Found on google.de 12

13 Countermeasures Don t put sensitive data on your web server! Check your web servers on a regular basis for threats! Consider using robots.txt with meta-tags (noarchive) What to do in case? Google: Yahoo: help.yahoo.com/l/us/yahoo/search/siteexplorer/delete/index.html Live Search: support.live.com/eform.aspx?productkey=wlsearchcontentremoval Check other search engines and their caches, too! 13

14 Pen-Tests Guidelines ISECOM: Open-Source Security Testing Methodology Manual NIST: Guideline on Network Security Testing BSI: Studie Durchführungskonzept für Penetrationstests OWASP: Open Web Application Security Project Testing Guide Security Standards ISO/IEC 27001/27002 BSI Grundschutz NIST 14

15 Thank you for your attention! 15