Natalino

Picone

Tech machine


Goolag.org – Dead Cow Cult Busy Again, Aim at Google

febbraio 24, 2008Nat0 Comments

What it does

If you haven’t heard of the Cult of the Dead Cow, well listen up: they’re a group of Texas hackers who champion internet privacy, security and liberty. This group counts among their members a Harvard researcher, a former UN official, published authors, and programmers from every which way. They’ve recently released Goolag, a web auditing tool aimed squarely at Google. It enables anyone to audit their own web site via the search engine. It uses Google search terms to find vulnerable systems. Basically, they want to expose the vulnerability of the web, and what better way to do it than using the Giant itself? The scanner is being released under a GNU license. It’s a standalone windows GUI based app and can be downloaded for free.

In their own words

“Goolag Scanner enables everyone to audit his or her own web

site via Google. The scanner technology is based on “Google hacking,” a form

of vulnerability research developed by Johnny I Hack Stuff. He’s a lovely

fellow. Go buy him a drink.

“It’s no big secret that the Web is the platform,” said cDc spokesmodel

Oxblood Ruffin. “And this platform pretty much sucks from a security

perspective. Goolag Scanner provides one more tool for web site owners to

patch up their online properties. We’ve seen some pretty scary holes through

random tests with the scanner in North America, Europe, and the Middle East.

If I were a government, a large corporation, or anyone with a large web site,

I’d be downloading this beast and aiming it at my site yesterday. The v

ulnerabilities are that serious.”

Why it might be a killer

The Dead Cow folks are certainly making an incendiary statement; however, like it or not, the web is susceptible to all sorts of things half of us couldn’t even imagine if we tried. The web is vulnerable, and Goolag scanner will point those vulnerabilities out. Companies, corporations, networks, can all use the scanner to see how serious their vulnerabilities are.

Some questions

The problem with this is that it works both ways. Yes, you can find out what your site’s weaknesses are but so can everyone else. Will DeadCow then use their knowledge to wreak havoc? Will others get to it first?

Updates

 » original news