CSC Security Expert Explores Google Hacking Threat in New Book
The threat lies in the fact that personal data often appears in court, medical and education records, many of which are easily—and legally—accessible on the Internet. Using a clever combination of keystrokes, a hacker can access Social Security numbers, credit card information and personal passwords—simply by using the popular Google search engine.
"There’s no limit to what you can find," says Long, a member of CSC’s Global Security Solutions division. "The threat is more real than ever because people are relying more on Web pages, and search engines are crawling more Web pages. As technology has expanded, it has compounded the problem."
 |
|
|
||
 |
||||
|
Related Information:
Learn more about CSC’s Global Security Solutions. Read a feature about CSC’s integrated security offerings. Contact us and let our experience help you produce results. |
|||
 |
||||
|
||||
While Google hacking is more of a threat to consumers and private individuals than to the large businesses and organizations that are typical CSC clients, Long notes that it can also be used to perform reconnaissance on corporate or government targets.
"We’ve seen glaring examples where we can get user names and passwords for a site, just with Google, and you can turn around and use them against the site," Long explains. "In cases like that, it’s a huge threat because you’ve just given away the keys to your kingdom. Beyond this type of data, even the smallest bits of information can be used to profile a network before an attack is launched."
Long’s book, released in December 2004, shows security practitioners how to protect their clients from Google hacking. Long calls upon his experience at CSC, where he has performed network and physical security assessments for hundreds of government and commercial clients. Long has made a career out of researching and breaking into computer systems to learn how to ultimately make them more secure. He adds that Google hacking is just one of myriad threats that CSC and its clients face on a daily basis.
CSC offers end-to-end protection
CSC’s Global Security Solutions address all aspects of a client’s needs to ensure total protection—offering an integrated portfolio of personnel, physical and information security to global commercial and government clients. Focusing on the entire risk management lifecycle, from governance to security administration, CSC’s solutions protect the critical assets and key processes against threats and vulnerabilities, both inside and outside an organization.
Increasingly stringent government regulations and privacy laws, corporate espionage, malicious hacker attacks, and fears about business continuity in the event of an attack are affecting both commercial and government organizations. In addition, the rise of Internet technologies and e-business, as well as growing use of peer-to-peer file-sharing and instant messaging services, demands that companies continually augment their security protection.
To that end, CSC offers an array of services. These include risk governance, risk management, managed security services, identity and access management, and compliance management.
CSC believes that end-to-end security is best achieved when client executives and IT staff can make informed security investments based on a shared insight into risk. To keep pace with those changing risks, CSC maintains state-of-the-art information security research and development labs in Australia, Germany, Sweden and the United States. Here, CSC researchers such as Long study threats and develop preemptive solutions to address those threats.
"I get paid to keep on top of the technology and techniques the bad guys are using," Long says. "And Google hacking is just one of many threats, one of many risks that are out there."
Related Information:
Contact us and let our experience help you produce results.