What it does
If you haven’t heard of the Cult of the Dead Cow, well listen up: they’re a group of Texas hackers who champion internet privacy, security and liberty. This group counts among their members a Harvard researcher, a former UN official, published authors, and programmers from every which way. They’ve recently released Goolag, a web auditing tool aimed squarely at Google. It enables anyone to audit their own web site via the search engine. It uses Google search terms to find vulnerable systems. Basically, they want to expose the vulnerability of the web, and what better way to do it than using the Giant itself? The scanner is being released under a GNU license. It’s a standalone windows GUI based app and can be downloaded for free.
In their own words
“Goolag Scanner enables everyone to audit his or her own web
site via Google. The scanner technology is based on “Google hacking,” a form
of vulnerability research developed by Johnny I Hack Stuff. He’s a lovely
fellow. Go buy him a drink.
“It’s no big secret that the Web is the platform,” said cDc spokesmodel
Oxblood Ruffin. “And this platform pretty much sucks from a security
perspective. Goolag Scanner provides one more tool for web site owners to
patch up their online properties. We’ve seen some pretty scary holes through
random tests with the scanner in North America, Europe, and the Middle East.
If I were a government, a large corporation, or anyone with a large web site,
I’d be downloading this beast and aiming it at my site yesterday. The v
ulnerabilities are that serious.”
Why it might be a killer
The Dead Cow folks are certainly making an incendiary statement; however, like it or not, the web is susceptible to all sorts of things half of us couldn’t even imagine if we tried. The web is vulnerable, and Goolag scanner will point those vulnerabilities out. Companies, corporations, networks, can all use the scanner to see how serious their vulnerabilities are.
The problem with this is that it works both ways. Yes, you can find out what your site’s weaknesses are but so can everyone else. Will DeadCow then use their knowledge to wreak havoc? Will others get to it first?